From 966f1b69cdc462657d84269e8fad50f1ad122e60 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (home)" Date: Thu, 14 Dec 2023 20:33:17 +1100 Subject: [PATCH 01/14] mvp-cicd: initial push --- .github/workflows/build-image.yml | 54 ++++++++++++ .github/workflows/deploy-dev.yml | 76 +++++++++++++++++ .gitignore | 17 +++- deploy/Dockerfile | 26 ++++++ deploy/README.md | 60 ++++++++++++++ deploy/container/vars.yaml | 2 + deploy/docker-compose.yml | 18 ++++ deploy/github/development.env | 18 ++++ deploy/github/production.env | 18 ++++ deploy/github/staging.env | 18 ++++ deploy/tf/alb.tf | 41 +++++++++ deploy/tf/aws_details.tf | 2 + deploy/tf/ecs.tf | 133 ++++++++++++++++++++++++++++++ deploy/tf/get-parameters.tf | 62 ++++++++++++++ deploy/tf/main.tf | 0 deploy/tf/outputs.tf | 3 + deploy/tf/variables.tf | 64 ++++++++++++++ deploy/tf/versions.tf | 9 ++ deploy/tg/global.hcl | 51 ++++++++++++ deploy/tg/localdeploy.env | 13 +++ deploy/tg/terragrunt.hcl | 28 +++++++ 21 files changed, 710 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/build-image.yml create mode 100644 .github/workflows/deploy-dev.yml create mode 100644 deploy/Dockerfile create mode 100644 deploy/README.md create mode 100644 deploy/container/vars.yaml create mode 100644 deploy/docker-compose.yml create mode 100644 deploy/github/development.env create mode 100644 deploy/github/production.env create mode 100644 deploy/github/staging.env create mode 100644 deploy/tf/alb.tf create mode 100644 deploy/tf/aws_details.tf create mode 100644 deploy/tf/ecs.tf create mode 100644 deploy/tf/get-parameters.tf create mode 100644 deploy/tf/main.tf create mode 100644 deploy/tf/outputs.tf create mode 100644 deploy/tf/variables.tf create mode 100644 deploy/tf/versions.tf create mode 100644 deploy/tg/global.hcl create mode 100644 deploy/tg/localdeploy.env create mode 100644 deploy/tg/terragrunt.hcl 
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
new file mode 100644
index 00000000..b58ccc80
--- /dev/null
+++ b/.github/workflows/build-image.yml
@@ -0,0 +1,54 @@
+name: Build Image cicd
+
+on:
+ # push:
+ # branches:
+ # - devops-cicd
+ workflow_dispatch:
+
+permissions:
+ id-token: write # JWT
+ contents: read # actions/checkout
+
+jobs:
+ ogcapi_app_build:
+ runs-on: ubuntu-latest
+ environment: tfintegration
+ steps:
+ - name: Checkout Repo ogcapi
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU Cross Platform Support
+ uses: docker/setup-qemu-action@v3
+
+ - name: Create Docker Buildx Worker
+ uses: docker/setup-buildx-action@v3
+
+ - name: Install JDK 17
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+ cache: 'maven'
+
+ - name: Build with Maven
+ run: mvn -B package --file pom.xml
+
+ - name: Set AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ vars.ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_OIDC
+ aws-region: ${{ vars.AWS_REGION }}
+
+ - name: Login ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Build and Push Application Image to ECR
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ vars.ECR_REPOSITORY }}:latest
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
new file mode 100644
index 00000000..d80b0e2f
--- /dev/null
+++ b/.github/workflows/deploy-dev.yml
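Review bot: Every `uses:` in `build-image.yml` is pinned to a mutable major tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `docker/build-push-action@v5`, …) while the job holds `id-token: write` and assumes `vars.ROLE_ARN`, so a retagged action release would run with push rights to ECR. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The same applies to the `uses:` lines in `deploy-dev.yml`, where the assumed role applies Terraform. Separately, the image is pushed only as `:latest`, so the build produces no immutable reference for a deploy to consume; adding a second tag such as `${{ vars.ECR_REPOSITORY }}:${{ github.sha }}` would give one.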
@@ -0,0 +1,76 @@ +name: Deploy Dev cicd + +on: + push: + branches: + - devops-cicd + workflow_dispatch: + +permissions: + id-token: write + contents: read + +jobs: + deploy_application: + runs-on: ubuntu-latest + environment: tfintegration + env: + tf_version: '1.5.7' + tg_version: '0.54.0' + tg_dir: './deploy/tg' + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ vars.ROLE_ARN }} + role-session-name: GitHub_OIDC + aws-region: ${{ vars.AWS_REGION }} + + - name: Expose github environment as shell variables + env: + SECRETS_CONTEXT: ${{ toJson(secrets) }} + VARS_CONTEXT: ${{ toJson(vars) }} + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } + echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV + echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV + + - name: Install Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: ${{ env.tf_version }} + + - name: Install Terragrunt + id: setup_terragrunt + run: | + wget https://github.com/gruntwork-io/terragrunt/releases/download/v${terragrunt_version}/terragrunt_linux_amd64 \ + && mv terragrunt_linux_amd64 terragrunt \ + && chmod +x terragrunt \ + && mv terragrunt /usr/local/bin/terragrunt + env: + terragrunt_version: ${{ env.tg_version }} + + - name: Terragrunt Plan + id: terragrunt_plan + run: terragrunt plan -out=tf.plan + working-directory: ${{ env.tg_dir }} + env: + TF_INPUT: 0 + TF_IN_AUTOMATION: true + # get the image digest from the build job with optional override from vars context + TF_VAR_image: ${{ vars.IMAGE || needs.build_push.outputs.image_digest }} + + - name: Terragrunt Apply + id: terragrunt_apply + run: terragrunt apply -auto-approve tf.plan + working-directory: ${{ env.tg_dir }} + env: + TF_INPUT: 0 + TF_IN_AUTOMATION: true + # get the image digest from the build job with optional 
override from vars context + TF_VAR_image: ${{ vars.IMAGE || needs.build_push.outputs.image_digest }} diff --git a/.gitignore b/.gitignore index d864f358..375c328f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,15 @@ -.env -**/target/**/* +# IDE .idea -*.iml + +# Local directories +**/.terraform/* +**/.terragrunt-cache/ + +# Local files +*.tfstate +*.tfstate.* +.terraform.lock.hcl + +# Crash log files +crash.log +crash.*.log diff --git a/deploy/Dockerfile b/deploy/Dockerfile new file mode 100644 index 00000000..694ea53d --- /dev/null +++ b/deploy/Dockerfile @@ -0,0 +1,26 @@ +ARG TF_VERSION=1.5.7 + +FROM hashicorp/terraform:$TF_VERSION + +LABEL maintainer="devops@aodn.org.au" + +ARG TG_VERSION=0.54.0 +ARG USER_ID=1000 +ARG GROUP_ID=1000 +ARG USERNAME=appdeploy + +RUN wget https://github.com/gruntwork-io/terragrunt/releases/download/v${TG_VERSION}/terragrunt_linux_amd64 \ + && mv terragrunt_linux_amd64 terragrunt \ + && chmod +x terragrunt \ + && mv terragrunt /usr/local/bin/terragrunt + +RUN apk add --no-cache aws-cli + +RUN echo 'alias tf="terraform"' >> /etc/profile.d/custom_aliases.sh \ + && echo 'alias tg="terragrunt"' >> /etc/profile.d/custom_aliases.sh + +ENV ENV="/etc/profile" + +RUN adduser -D -u $USER_ID -h /home/$USERNAME $USERNAME + +USER $USERNAME:$USERNAME diff --git a/deploy/README.md b/deploy/README.md new file mode 100644 index 00000000..53fa71bc --- /dev/null +++ b/deploy/README.md 
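Review bot: The `Expose github environment as shell variables` step in `deploy-dev.yml` writes the whole `toJson(secrets)` context into `$GITHUB_ENV`, which hands every secret of the `tfintegration` environment to all later steps, including `hashicorp/setup-terraform@v3` and the Terragrunt binary fetched with `wget`. Drop `SECRETS_CONTEXT` and the line `echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV`, and map only the secrets Terragrunt actually needs in the `env:` block of the plan and apply steps. Also, `needs.build_push.outputs.image_digest` refers to a job this workflow does not define, and `deploy_application` declares no `needs:`, so that expression is empty unless `vars.IMAGE` is set.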
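Review bot: The `RUN wget …/terragrunt_linux_amd64` layer in `deploy/Dockerfile` installs a binary into `/usr/local/bin` without any integrity check, and that binary later runs with the AWS configuration mounted from the host. Verify it against a pinned digest before the `chmod`, for example `echo "<expected-sha256>  terragrunt_linux_amd64" | sha256sum -c -`, with the value taken from the checksums published for that release. The `Install Terragrunt` step in `.github/workflows/deploy-dev.yml` downloads the same file the same way, there with the assumed AWS role in scope, and needs the same check.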
@@ -0,0 +1,60 @@ +# Deployments +Deployment of this application uses [Github Deployment Environments](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment). + +A successful deployment relies on the correct variables being defined in order to deploy to the correct AWS account etc. + +### Managing Environments +You can view the current environment settings by visiting https://github.com/aodn/sample-django-app/settings/environments. + +You can view the currently defined variables there or from the cli using: +```bash +gh variable list -R aodn/sample-django-app -e staging +``` + +### Updating Variables +Manually updating vars can be tedious and error-prone. Instead, you may define the variables you need as a .env file and push these values: +```bash +gh variable set -R aodn/sample-django-app -e staging -f staging.env +``` + +### Deploying From the CLI +The Terragrunt module for this application depends on variables being present and will fail if they are not. + +To test locally, you may want to populate these into your local environment using the following command: +```bash +set -a; source ./github/staging.env; set +a +terragrunt plan +terragrunt apply +``` + +### Using Docker +A Dockerfile is provided to simplify local deployment, removing the need to install the required binaries on the local system. + +N.B. The Dockerfile does assume a valid AWS CLI configuration. 
+ +### Example deployment +Modify the environment variables in `dev.env`: +```text +ALB_PARAMETER_NAME=shared-alb-dev-sydney +APP_NAME=sample-django-app-mybranch +AWS_ACCOUNT_ID=123456789012 +AWS_REGION=ap-southeast-2 +ECR_PARAMETER_NAME=api +ECR_REGISTRY=123456789012.dkr.ecr.ap-southeast-2.amazonaws.com +ECR_REPOSITORY=api +ENVIRONMENT=mydev-stack +RDS_PARAMETER_NAME=db01/primary/development +``` + +```bash +export AWS_PROFILE=myprofile +cd deploy +docker-compose -f docker-compose.yml run terragrunt +``` + +On the container run the following: +```bash +set -a; source ./github/dev.env; set +a +TF_VAR_image=latest terragrunt plan -out=tf.plan +TF_VAR_image=latest terragrunt apply -auto-approve tf.plan +``` diff --git a/deploy/container/vars.yaml b/deploy/container/vars.yaml new file mode 100644 index 00000000..a351e71a --- /dev/null +++ b/deploy/container/vars.yaml @@ -0,0 +1,2 @@ +allowed_hosts: "*" +allowed_cidr_nets: "0.0.0.0/0" diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml new file mode 100644 index 00000000..ebc90ea4 --- /dev/null +++ b/deploy/docker-compose.yml @@ -0,0 +1,18 @@ +version: '3.7' + +services: + terragrunt: + build: + context: . + dockerfile: Dockerfile + args: + TF_VERSION: 1.5.7 + TG_VERSION: 0.54.0 + image: appdeploy:latest + volumes: + - .:/deploy + - ${HOME}/.aws:/home/appdeploy/.aws + working_dir: /deploy/tg + environment: + - AWS_PROFILE=${AWS_PROFILE} + entrypoint: ["sh"] diff --git a/deploy/github/development.env b/deploy/github/development.env new file mode 100644 index 00000000..40e0b791 --- /dev/null +++ b/deploy/github/development.env 
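Review bot: `deploy/container/vars.yaml` sets `allowed_hosts: "*"` and `allowed_cidr_nets: "0.0.0.0/0"`, so any environment that does not override them starts with host and network filtering fully open. Judging by the partly visible `terragrunt.hcl` expression (`can(get_env(upper(k))) ? get_env(upper(k)) : v`), these values look like the fallbacks used when the matching environment variable is absent, which means a missing variable widens access silently instead of failing the plan. Prefer a closed default or none at all, and add a comment such as `# must be overridden per environment; wildcards are for local testing only`.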
@@ -0,0 +1,18 @@ +# general environment variables for Terragrunt +ALB_PARAMETER_NAME=shared-alb-devops-sydney +APP_NAME=sample-django-app +AWS_ACCOUNT_ID=450356697252 +AWS_REGION=ap-southeast-2 +ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-2.amazonaws.com +ECR_REPOSITORY=api +ENVIRONMENT=development + +# container definition variables +ALLOWED_CIDR_NETS=10.32.48.0/20,10.32.64.0/20,10.32.80.0/20 +DB_HOST=stefan-db-rds-primary-evaluation.gamma.aodn.org.au +DB_NAME=api_dev +DB_SECRET_NAME=/rds/stefan-db/primary/evaluation/api +DB_SECRET_REGION=ap-southeast-2 +DB_USER=api_dev +S3_STORAGE_BUCKET_NAME=sample-django-app-development-450356697252 +S3_STORAGE_BUCKET_REGION=ap-southeast-2 diff --git a/deploy/github/production.env b/deploy/github/production.env new file mode 100644 index 00000000..74827f9f --- /dev/null +++ b/deploy/github/production.env @@ -0,0 +1,18 @@ +# general environment variables for Terragrunt +ALB_PARAMETER_NAME=shared-alb-devops-sydney +APP_NAME=sample-django-app +AWS_ACCOUNT_ID=450356697252 +AWS_REGION=ap-southeast-2 +ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-2.amazonaws.com +ECR_REPOSITORY=api +ENVIRONMENT=production + +# container definition variables +ALLOWED_CIDR_NETS=10.32.48.0/20,10.32.64.0/20,10.32.80.0/20 +DB_HOST=stefan-db-rds-primary-evaluation.gamma.aodn.org.au +DB_NAME=api_prod +DB_SECRET_NAME=/rds/stefan-db/primary/evaluation/api +DB_SECRET_REGION=ap-southeast-2 +DB_USER=api_prod +S3_STORAGE_BUCKET_NAME=sample-django-app-production-450356697252 +S3_STORAGE_BUCKET_REGION=ap-southeast-2 diff --git a/deploy/github/staging.env b/deploy/github/staging.env new file mode 100644 index 00000000..b9613b24 --- /dev/null +++ b/deploy/github/staging.env 
@@ -0,0 +1,18 @@ +# general environment variables for Terragrunt +ALB_PARAMETER_NAME=shared-alb-devops-sydney +APP_NAME=sample-django-app +AWS_ACCOUNT_ID=450356697252 +AWS_REGION=ap-southeast-2 +ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-2.amazonaws.com +ECR_REPOSITORY=api +ENVIRONMENT=staging + +# container definition variables +ALLOWED_CIDR_NETS=10.32.48.0/20,10.32.64.0/20,10.32.80.0/20 +DB_HOST=stefan-db-rds-primary-evaluation.gamma.aodn.org.au +DB_NAME=api +DB_SECRET_NAME=/rds/stefan-db/primary/evaluation/api +DB_SECRET_REGION=ap-southeast-2 +DB_USER=api +S3_STORAGE_BUCKET_NAME=sample-django-app-staging-450356697252 +S3_STORAGE_BUCKET_REGION=ap-southeast-2 diff --git a/deploy/tf/alb.tf b/deploy/tf/alb.tf new file mode 100644 index 00000000..bd4e3ce6 --- /dev/null +++ b/deploy/tf/alb.tf @@ -0,0 +1,41 @@ +resource "aws_lb_target_group" "app" { + name = "${var.app_name}-${var.environment}" + port = var.app_port + protocol = "HTTP" + target_type = "ip" + vpc_id = local.vpc_id + + health_check { + enabled = true + path = "/health" + } +} + +resource "aws_route53_record" "app" { + for_each = toset(var.app_hostnames) + zone_id = local.domain_zone_id + name = each.value + type = "A" + + alias { + name = local.alb_dns_name + zone_id = local.alb_zone_id + evaluate_target_health = true + } +} + +resource "aws_lb_listener_rule" "app_fgate" { + for_each = toset(var.app_hostnames) + listener_arn = local.alb_https_listener_arn + + action { + type = "forward" + target_group_arn = aws_lb_target_group.app.arn + } + + condition { + host_header { + values = [aws_route53_record.app[each.value].fqdn] + } + } +} diff --git a/deploy/tf/aws_details.tf b/deploy/tf/aws_details.tf new file mode 100644 index 00000000..038d1e22 --- /dev/null +++ b/deploy/tf/aws_details.tf @@ -0,0 +1,2 @@ +data "aws_caller_identity" "current" {} +data "aws_region" "current" {} diff --git a/deploy/tf/ecs.tf b/deploy/tf/ecs.tf new file mode 100644 index 00000000..55059050 --- /dev/null 
+++ b/deploy/tf/ecs.tf 
@@ -0,0 +1,133 @@ +locals { + app_container_vars = [for k, v in var.container_vars : { name = upper(k), value = v }] + + container_definitions = local.app_container_definition + app_container_definition = { + app = { + name = var.app_container_name + image = ( + startswith(var.image, "sha256") ? + "${var.ecr_registry}/${var.ecr_repository}@${var.image}" : + "${var.ecr_registry}/${var.ecr_repository}:${var.image}" + ) + health_check = { + command = ["CMD-SHELL", "uwsgi-is-ready --stats-socket /tmp/statsock > /dev/null 2>&1 || exit 1"] + } + readonly_root_filesystem = false + essential = true + memory_reservation = 256 + environment = local.app_container_vars + port_mappings = [ + { + name = var.app_container_name + containerPort = var.app_port + hostPort = var.app_port + } + ] + mount_points = [ + { + readOnly = false + containerPath = "/vol/web" + sourceVolume = "static" + } + ] + } + } +} + +module "ecs" { + source = "terraform-aws-modules/ecs/aws" + version = "~> 5.7.0" + + # Cluster Configuration + cluster_name = "${var.app_name}-${var.environment}" + cluster_configuration = { + name = "containerInsights" + value = "enabled" + } + create_task_exec_iam_role = true + fargate_capacity_providers = { + FARGATE = { + default_capacity_provider_strategy = { + weight = 50 + } + } + FARGATE_SPOT = { + default_capacity_provider_strategy = { + weight = 50 + } + } + } + + # Service Configuration + services = { + + "${var.app_name}-${var.environment}" = { + capacity_provider_strategy = { + env_strategy = { + base = 0 + capacity_provider = "FARGATE" + weight = 100 + } + } + + # allow ECS exec commands on containers (e.g. 
to get a shell session) + enable_execute_command = true + + # resources + cpu = var.cpu + memory = var.memory + + # do not force a new deployment unless the image digest has changed + force_new_deployment = false + + # wait for service to reach steady state + wait_for_steady_state = true + + # Container definition(s) + container_definitions = local.container_definitions + + deployment_circuit_breaker = { + enable = true + rollback = true + } + + load_balancer = { + service = { + target_group_arn = aws_lb_target_group.app.arn + container_name = var.app_container_name + container_port = var.app_port + } + } + + subnet_ids = local.private_subnets + + security_group_rules = { + ingress_vpc = { + type = "ingress" + from_port = var.app_port + to_port = var.app_port + protocol = "tcp" + cidr_blocks = [local.vpc_cidr] + } + egress_all = { + type = "egress" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + } + + timeouts = { + create = "10m" + update = "5m" + delete = "10m" + } + + volume = { + static = {} + } + } + } +} diff --git a/deploy/tf/get-parameters.tf b/deploy/tf/get-parameters.tf new file mode 100644 index 00000000..d80de7c2 --- /dev/null +++ b/deploy/tf/get-parameters.tf 
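Review bot: `enable_execute_command = true` and `readonly_root_filesystem = false` are hard-coded in `ecs.tf`, so every environment built from this module gets interactive shell access into a container with a writable root filesystem. Consider exposing both as inputs with safe defaults, e.g. `enable_execute_command = var.enable_execute_command` with `default = false`, and switching them on only where debugging is needed. The `ingress_vpc` rule also admits the whole of `local.vpc_cidr` on `var.app_port`; limiting it to the ALB's security group would be tighter, if that id can be read from the parameters. The health-check command calls `uwsgi-is-ready`, which looks carried over from the Django sample and is unlikely to exist in the Java image.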
@@ -0,0 +1,62 @@
+locals {
+ # alb values
+ alb_dns_name = nonsensitive(data.aws_ssm_parameter.alb_dns_name.value)
+ alb_https_listener_arn = nonsensitive(data.aws_ssm_parameter.alb_https_listener_arn.value)
+ alb_zone_id = nonsensitive(data.aws_ssm_parameter.alb_zone_id.value)
+
+ # core values
+ vpc_id = nonsensitive(data.aws_ssm_parameter.vpc_id.value)
+ vpc_cidr = nonsensitive(data.aws_ssm_parameter.vpc_cidr.value)
+ domain_name = nonsensitive(data.aws_ssm_parameter.zonename.value)
+ domain_zone_id = nonsensitive(data.aws_ssm_parameter.zoneid.value)
+ public_subnets = split(",", nonsensitive(data.aws_ssm_parameter.public_subnets.value))
+ public_subnet_cidrs = nonsensitive(data.aws_ssm_parameter.public_subnet_cidrs.value)
+ private_subnets = split(",", nonsensitive(data.aws_ssm_parameter.private_subnets.value))
+ private_subnet_cidrs = nonsensitive(data.aws_ssm_parameter.private_subnet_cidrs.value)
+}
+
+# alb parameters
+data "aws_ssm_parameter" "alb_dns_name" {
+ name = "/apps/alb/${var.alb_parameter_name}/alb_dns_name"
+}
+
+data "aws_ssm_parameter" "alb_https_listener_arn" {
+ name = "/apps/alb/${var.alb_parameter_name}/alb_https_listener_arn"
+}
+
+data "aws_ssm_parameter" "alb_zone_id" {
+ name = "/apps/alb/${var.alb_parameter_name}/alb_zone_id"
+}
+
+# core parameters
+data "aws_ssm_parameter" "vpc_id" {
+ name = "/core/vpc_id"
+}
+
+data "aws_ssm_parameter" "vpc_cidr" {
+ name = "/core/vpc_cidr"
+}
+
+data "aws_ssm_parameter" "public_subnets" {
+ name = "/core/subnets_public"
+}
+
+data "aws_ssm_parameter" "public_subnet_cidrs" {
+ name = "/core/subnets_public_cidr"
+}
+
+data "aws_ssm_parameter" "private_subnets" {
+ name = "/core/subnets_private"
+}
+
+data "aws_ssm_parameter" "private_subnet_cidrs" {
+ name = "/core/subnets_private_cidr"
+}
+
+data "aws_ssm_parameter" "zonename" {
+ name = "/core/zone_domain"
+}
+
+data "aws_ssm_parameter" "zoneid" {
+ name = "/core/zone_id"
+}
diff --git a/deploy/tf/main.tf b/deploy/tf/main.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/deploy/tf/outputs.tf b/deploy/tf/outputs.tf
new file mode 100644
index 00000000..3b04ff3e
--- /dev/null
+++ b/deploy/tf/outputs.tf
@@ -0,0 +1,3 @@
+output "ecs" {
+ value = module.ecs
+}
diff --git a/deploy/tf/variables.tf b/deploy/tf/variables.tf
new file mode 100644
index 00000000..1b329ae7
--- /dev/null
+++ b/deploy/tf/variables.tf
@@ -0,0 +1,64 @@
+variable "alb_parameter_name" {
+ description = "The parameter name to derive the ALB details from."
+ type = string
+}
+
+variable "app_container_name" {
+ description = "The name of the primary application container"
+ type = string
+ default = "ogcapi-java-container"
+}
+
+variable "app_name" {
+ description = "The name of the application e.g. sample-django-app"
+ type = string
+}
+
+variable "app_port" {
+ description = "The port to the application container."
+ type = number
+ default = 3456
+}
+
+variable "app_hostnames" {
+ description = "Hostnames to associate with the application"
+ type = list(string)
+}
+
+variable "container_vars" {
+ description = "Map of key/pair values to pass to the container definition."
+ type = map(any)
+}
+
+variable "cpu" {
+ description = "The CPU capacity to allocate to the task."
+ type = number
+ default = 512
+}
+
+variable "ecr_registry" {
+ description = "The registry to pull docker images from."
+ type = string
+}
+
+variable "ecr_repository" {
+ description = "The repository to pull the image from."
+ type = string
+}
+
+variable "environment" {
+ description = "Environment name to prepend/append to resource names"
+ type = string
+}
+
+variable "image" {
+ description = "The digest/tag of the docker image to pull from ECR"
+ type = string
+ default = "ogcapi:latest"
+}
+
+variable "memory" {
+ description = "The CPU capacity to allocate to the task."
+ type = number
+ default = 1024
+}
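Review bot: The description of `variable "memory"` in `variables.tf` is a copy of the one on `cpu` (`"The CPU capacity to allocate to the task."`); it should read something like `description = "The memory (MiB) to allocate to the task."`. `container_vars` is typed `map(any)` and `ecs.tf` passes it straight into the container `environment`, so its description should say that it must not carry credentials, e.g. `# values are stored in plain text in the task definition and state`. In `outputs.tf`, `value = module.ecs` exports the entire module object; exporting only the attributes that consumers need would keep less in the state outputs.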
diff --git a/deploy/tf/versions.tf b/deploy/tf/versions.tf new file mode 100644 index 00000000..91041e50 --- /dev/null +++ b/deploy/tf/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.5.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.12" + } + } +} diff --git a/deploy/tg/global.hcl b/deploy/tg/global.hcl new file mode 100644 index 00000000..a6b5760b --- /dev/null +++ b/deploy/tg/global.hcl @@ -0,0 +1,51 @@ +locals { + aws_account = get_env("AWS_ACCOUNT_ID") + aws_region = get_env("AWS_REGION") + environment = get_env("ENVIRONMENT") + project_name = "ogcapi-java" + state_bucket = "tfstate-${local.aws_account}-${local.aws_region}" + state_key = "apps/${local.project_name}/${local.environment}/ecs.tfstate" +} + +generate "providers" { + path = "providers.tf" + if_exists = "overwrite_terragrunt" + contents = < can(get_env(upper(k))) ? get_env(upper(k)) : v } + global = include.global.locals +} From c1bafa7ab3a99c070bcad28a7c962087d734cf24 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 11:31:43 +1100 Subject: [PATCH 02/14] mvp-cicd: revision #1 --- deploy/github/development.env | 24 +++++++++--------------- deploy/github/production.env | 18 ------------------ deploy/github/staging.env | 18 ------------------ deploy/tg/localdeploy.env | 1 + 4 files changed, 10 insertions(+), 51 deletions(-) delete mode 100644 deploy/github/production.env delete mode 100644 deploy/github/staging.env diff --git a/deploy/github/development.env b/deploy/github/development.env index 40e0b791..507ba905 100644 --- a/deploy/github/development.env +++ b/deploy/github/development.env 
@@ -1,18 +1,12 @@ # general environment variables for Terragrunt -ALB_PARAMETER_NAME=shared-alb-devops-sydney -APP_NAME=sample-django-app +ALB_PARAMETER_NAME=shared-alb-devops-melbourne +APP_NAME=ogcapi-java AWS_ACCOUNT_ID=450356697252 -AWS_REGION=ap-southeast-2 -ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-2.amazonaws.com -ECR_REPOSITORY=api -ENVIRONMENT=development +AWS_REGION=ap-southeast-4 +ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-4.amazonaws.com +ECR_REPOSITORY=ogcapi +ENVIRONMENT=tfintegration -# container definition variables -ALLOWED_CIDR_NETS=10.32.48.0/20,10.32.64.0/20,10.32.80.0/20 -DB_HOST=stefan-db-rds-primary-evaluation.gamma.aodn.org.au -DB_NAME=api_dev -DB_SECRET_NAME=/rds/stefan-db/primary/evaluation/api -DB_SECRET_REGION=ap-southeast-2 -DB_USER=api_dev -S3_STORAGE_BUCKET_NAME=sample-django-app-development-450356697252 -S3_STORAGE_BUCKET_REGION=ap-southeast-2 +# app specific env variables +ELASTIC_KEY="" +ELASTIC_URL=https://dev-discovery-index.es.ap-southeast-2.aws.found.io diff --git a/deploy/github/production.env b/deploy/github/production.env deleted file mode 100644 index 74827f9f..00000000 --- a/deploy/github/production.env +++ /dev/null @@ -1,18 +0,0 @@ -# general environment variables for Terragrunt -ALB_PARAMETER_NAME=shared-alb-devops-sydney -APP_NAME=sample-django-app -AWS_ACCOUNT_ID=450356697252 -AWS_REGION=ap-southeast-2 -ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-2.amazonaws.com -ECR_REPOSITORY=api -ENVIRONMENT=production - -# container definition variables -ALLOWED_CIDR_NETS=10.32.48.0/20,10.32.64.0/20,10.32.80.0/20 -DB_HOST=stefan-db-rds-primary-evaluation.gamma.aodn.org.au -DB_NAME=api_prod -DB_SECRET_NAME=/rds/stefan-db/primary/evaluation/api -DB_SECRET_REGION=ap-southeast-2 -DB_USER=api_prod -S3_STORAGE_BUCKET_NAME=sample-django-app-production-450356697252 -S3_STORAGE_BUCKET_REGION=ap-southeast-2 diff --git a/deploy/github/staging.env b/deploy/github/staging.env deleted file mode 100644 index b9613b24..00000000 
--- a/deploy/github/staging.env +++ /dev/null @@ -1,18 +0,0 @@ -# general environment variables for Terragrunt -ALB_PARAMETER_NAME=shared-alb-devops-sydney -APP_NAME=sample-django-app -AWS_ACCOUNT_ID=450356697252 -AWS_REGION=ap-southeast-2 -ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-2.amazonaws.com -ECR_REPOSITORY=api -ENVIRONMENT=staging - -# container definition variables -ALLOWED_CIDR_NETS=10.32.48.0/20,10.32.64.0/20,10.32.80.0/20 -DB_HOST=stefan-db-rds-primary-evaluation.gamma.aodn.org.au -DB_NAME=api -DB_SECRET_NAME=/rds/stefan-db/primary/evaluation/api -DB_SECRET_REGION=ap-southeast-2 -DB_USER=api -S3_STORAGE_BUCKET_NAME=sample-django-app-staging-450356697252 -S3_STORAGE_BUCKET_REGION=ap-southeast-2 diff --git a/deploy/tg/localdeploy.env b/deploy/tg/localdeploy.env index ccca4ede..e753361c 100644 --- a/deploy/tg/localdeploy.env +++ b/deploy/tg/localdeploy.env @@ -1,3 +1,4 @@ +# Mockup Env Values to run code locally (c.f. outside github actions) export AWS_ACCOUNT_ID=$AWS_ACCOUNT export ENVIRONMENT="tfintegration" From 23cf0419c1f54068f99f00683d58523b2e239439 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 11:41:06 +1100 Subject: [PATCH 03/14] mvp-cicd: github action trigger --- .github/workflows/build-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index b58ccc80..e031c428 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -1,9 +1,9 @@ name: Build Image cicd on: - # push: - # branches: - # - devops-cicd + push: + branches: + - mvp-cicd workflow_dispatch: permissions: From e3e616311d149339acacf8a80d5521e497e07d4e Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 12:23:00 +1100 Subject: [PATCH 04/14] mvp-cicd: github action trigger MVP cicd --- .github/workflows/build-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index e031c428..46b49803 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -1,4 +1,4 @@ -name: Build Image cicd +name: Build Image MVP cicd on: push: From 652cc26b2c4eec62500a81c04b3dc86c59eab985 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 12:45:04 +1100 Subject: [PATCH 05/14] mvp-cicd: debug - skip maven build --- .github/workflows/build-image.yml | 20 ++++++++++++-------- .github/workflows/deploy-dev.yml | 8 ++++---- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 46b49803..c082daae 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -24,15 +24,15 @@ jobs: - name: Create Docker Buildx Worker uses: docker/setup-buildx-action@v3 - - name: Install JDK 17 - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '17' - cache: 'maven' + # - name: Install JDK 17 + # uses: actions/setup-java@v3 + # with: + # distribution: 'temurin' + # java-version: '17' + # cache: 'maven' - - name: Build with Maven - run: mvn -B package --file pom.xml + # - name: Build with Maven + # run: mvn -B package --file pom.xml - name: Set AWS Credentials uses: aws-actions/configure-aws-credentials@v4 @@ -41,6 +41,10 @@ jobs: role-session-name: GitHub_to_AWS_OIDC aws-region: ${{ vars.AWS_REGION }} + - name: Display Sts CallerIdentity + run: | + aws sts get-caller-identity + - name: Login ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index d80b0e2f..38fc3163 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
@@ -1,9 +1,9 @@ -name: Deploy Dev cicd +name: Deploy App MVP cicd on: - push: - branches: - - devops-cicd + # push: + # branches: + # - mvp-cicd workflow_dispatch: permissions: From 8d7cbab22a286a7a0726361988b77c4ce83e0168 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 13:01:19 +1100 Subject: [PATCH 06/14] mvp-cicd: debug - skip maven build #2 --- .github/workflows/build-image.yml | 2 ++ Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index c082daae..0acb6b98 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -17,6 +17,8 @@ jobs: steps: - name: Checkout Repo ogcapi uses: actions/checkout@v4 + with: + ref: mvp-cicd - name: Set up QEMU Cross Platform Support uses: docker/setup-qemu-action@v3 diff --git a/Dockerfile b/Dockerfile index 023b3129..3d1e7ca2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ FROM amazoncorretto:17 VOLUME /tmp -COPY ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar app.jar -ENTRYPOINT ["java","-Dapi.host=${HOST}:${PORT}","-Dserver.port=${PORT}","-Delasticsearch.serverUrl=${ELASTIC_URL}","-Delasticsearch.apiKey=${ELASTIC_KEY}","-jar","/app.jar"] \ No newline at end of file +# COPY ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar app.jar +# ENTRYPOINT ["java","-Dapi.host=${HOST}:${PORT}","-Dserver.port=${PORT}","-Delasticsearch.serverUrl=${ELASTIC_URL}","-Delasticsearch.apiKey=${ELASTIC_KEY}","-jar","/app.jar"] From be69d32c557f11dd3655b1aad8e35eb388d12ec6 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 14:22:41 +1100 Subject: [PATCH 07/14] mvp-cicd: debug - skip maven build #3 --- .github/workflows/build-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 0acb6b98..c6c61818 100644 --- a/.github/workflows/build-image.yml 
+++ b/.github/workflows/build-image.yml @@ -57,4 +57,4 @@ jobs: context: . file: ./Dockerfile push: true - tags: ${{ vars.ECR_REPOSITORY }}:latest + tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest From c6bca02991f62b413c3dbe0a94c8dca772cfca7c Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 14:37:46 +1100 Subject: [PATCH 08/14] mvp-cicd: MVP cicd rev #2 --- .github/workflows/build-image.yml | 22 +++++++++++----------- .github/workflows/deploy-dev.yml | 7 +++++-- Dockerfile | 4 ++-- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index c6c61818..343c8d6b 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -26,15 +26,15 @@ jobs: - name: Create Docker Buildx Worker uses: docker/setup-buildx-action@v3 - # - name: Install JDK 17 - # uses: actions/setup-java@v3 - # with: - # distribution: 'temurin' - # java-version: '17' - # cache: 'maven' + - name: Install JDK 17 + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + cache: 'maven' - # - name: Build with Maven - # run: mvn -B package --file pom.xml + - name: Build with Maven + run: mvn -B package --file pom.xml - name: Set AWS Credentials uses: aws-actions/configure-aws-credentials@v4 @@ -43,9 +43,9 @@ jobs: role-session-name: GitHub_to_AWS_OIDC aws-region: ${{ vars.AWS_REGION }} - - name: Display Sts CallerIdentity - run: | - aws sts get-caller-identity + # - name: Display Sts CallerIdentity + # run: | + # aws sts get-caller-identity - name: Login ECR id: login-ecr diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 38fc3163..3892da00 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -6,6 +6,9 @@ on: # - mvp-cicd workflow_dispatch: +env: + TURNIP: Edible tuba + permissions: id-token: write contents: read 
@@ -63,7 +66,7 @@ jobs: TF_INPUT: 0 TF_IN_AUTOMATION: true # get the image digest from the build job with optional override from vars context - TF_VAR_image: ${{ vars.IMAGE || needs.build_push.outputs.image_digest }} + TF_VAR_image: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest - name: Terragrunt Apply id: terragrunt_apply @@ -73,4 +76,4 @@ jobs: TF_INPUT: 0 TF_IN_AUTOMATION: true # get the image digest from the build job with optional override from vars context - TF_VAR_image: ${{ vars.IMAGE || needs.build_push.outputs.image_digest }} + TF_VAR_image: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest diff --git a/Dockerfile b/Dockerfile index 3d1e7ca2..7b41f6c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ FROM amazoncorretto:17 VOLUME /tmp -# COPY ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar app.jar -# ENTRYPOINT ["java","-Dapi.host=${HOST}:${PORT}","-Dserver.port=${PORT}","-Delasticsearch.serverUrl=${ELASTIC_URL}","-Delasticsearch.apiKey=${ELASTIC_KEY}","-jar","/app.jar"] +COPY ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar app.jar +ENTRYPOINT ["java","-Dapi.host=${HOST}:${PORT}","-Dserver.port=${PORT}","-Delasticsearch.serverUrl=${ELASTIC_URL}","-Delasticsearch.apiKey=${ELASTIC_KEY}","-jar","/app.jar"] From 6a4e8b9c021912b9347f41dd6bd2150bb771bd30 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 14:52:39 +1100 Subject: [PATCH 09/14] mvp-cicd: trigger MVP deploy cicd --- .github/workflows/build-image.yml | 6 +++--- .github/workflows/deploy-dev.yml | 12 +++++++----- deploy/github/development.env | 9 +++++---- deploy/tg/localdeploy.env | 4 ++-- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 343c8d6b..17857bf3 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml 
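Review bot: `TF_VAR_image` in `deploy-dev.yml` is now a full `registry/repository:latest` reference, but `deploy/tf/ecs.tf` as added in patch 01 still builds the image as `"${var.ecr_registry}/${var.ecr_repository}:${var.image}"`, so the registry and repository would be prefixed twice. Pass only the tag or digest, e.g. `TF_VAR_image: latest`, and correct the comment above it, which still says the value is the image digest from the build job. Deploying by `:latest` together with `force_new_deployment = false` also means a re-pushed image may never roll out and the running task is not tied to a specific build; passing a `sha256:` digest from the build would address both. The plan and apply hunks make the same change and need the same fix.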
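Review bot: The restored root `Dockerfile` has no `USER` instruction, so the JVM runs as root inside the container; adding e.g. `USER 1000:1000` before `ENTRYPOINT` would drop that privilege. `ENTRYPOINT` is in exec form, where Docker performs no `${…}` substitution, so `${HOST}`, `${PORT}` and `${ELASTIC_KEY}` reach the JVM literally and presumably rely on the application resolving them from the environment. A comment saying so, such as `# ${VAR} placeholders are resolved by the application, not by a shell`, would stop someone switching to shell form and thereby putting the Elasticsearch API key on the process command line.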
@@ -1,9 +1,9 @@ name: Build Image MVP cicd on: - push: - branches: - - mvp-cicd + # push: + # branches: + # - mvp-cicd workflow_dispatch: permissions: diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 3892da00..bbdeecea 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,13 +1,13 @@ -name: Deploy App MVP cicd +name: Deploy Image MVP cicd on: - # push: - # branches: - # - mvp-cicd + push: + branches: + - mvp-cicd workflow_dispatch: env: - TURNIP: Edible tuba + TURNIP: An edible tuba permissions: id-token: write @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: mvp-cicd - name: Set AWS Credentials uses: aws-actions/configure-aws-credentials@v4 diff --git a/deploy/github/development.env b/deploy/github/development.env index 507ba905..cbaacf46 100644 --- a/deploy/github/development.env +++ b/deploy/github/development.env @@ -1,12 +1,13 @@ -# general environment variables for Terragrunt +# General environment variables for terragrunt + ALB_PARAMETER_NAME=shared-alb-devops-melbourne APP_NAME=ogcapi-java AWS_ACCOUNT_ID=450356697252 AWS_REGION=ap-southeast-4 ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-4.amazonaws.com -ECR_REPOSITORY=ogcapi +ECR_REPOSITORY=ogcapi-java ENVIRONMENT=tfintegration -# app specific env variables -ELASTIC_KEY="" +# App specific environment variables for terragrunt +ELASTIC_KEY=000000000000000000000000000000000000000000000000000== ELASTIC_URL=https://dev-discovery-index.es.ap-southeast-2.aws.found.io diff --git a/deploy/tg/localdeploy.env b/deploy/tg/localdeploy.env index e753361c..6cae91c9 100644 --- a/deploy/tg/localdeploy.env +++ b/deploy/tg/localdeploy.env 
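Review bot: The checkout added in the `@@ -25,6 +25,8 @@` hunk of `deploy-dev.yml` is hard-coded to `ref: mvp-cicd`, so a `workflow_dispatch` run started from another branch executes that branch's workflow file but checks out and applies the `mvp-cicd` tree. Dropping the `with: ref:` block lets the checkout follow the ref that triggered the run, which keeps the deployed code and the workflow definition in step. The `@@ -1,13 +1,13 @@` hunk also turns on apply-on-push for this branch while the workflow holds `id-token: write`. A required-reviewer rule on the job's environment would be a reasonable gate, if one is not already configured. The `TURNIP` variable looks like a test placeholder and could be removed.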
@@ -9,6 +9,6 @@ export APP_NAME="ogcapi-java" export APP_PORT=80 export APP_HOSTNAMES="turd" + export ECR_REGISTRY="450356697252.dkr.ecr.ap-southeast-4.amazonaws.com" -export ECR_REPOSITORY="ogcapi" -export IMAGE="450356697252.dkr.ecr.ap-southeast-4.amazonaws.com/ogcapi:latest" +export ECR_REPOSITORY="ogcapi-java" From d5ad090bf7d6e1fc40adb80596b67c8e48248612 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 15:42:04 +1100 Subject: [PATCH 10/14] mvp-cicd: trigger MVP deploy cicd rev #1 --- deploy/tf/ecs.tf | 10 +++------- deploy/tf/variables.tf | 10 +++++----- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/deploy/tf/ecs.tf b/deploy/tf/ecs.tf index 55059050..73ef6532 100644 --- a/deploy/tf/ecs.tf +++ b/deploy/tf/ecs.tf @@ -5,11 +5,7 @@ locals { app_container_definition = { app = { name = var.app_container_name - image = ( - startswith(var.image, "sha256") ? - "${var.ecr_registry}/${var.ecr_repository}@${var.image}" : - "${var.ecr_registry}/${var.ecr_repository}:${var.image}" - ) + image = "${var.ecr_registry}/${var.ecr_repository}:${var.ecr_tag}" health_check = { command = ["CMD-SHELL", "uwsgi-is-ready --stats-socket /tmp/statsock > /dev/null 2>&1 || exit 1"] } @@ -81,8 +77,8 @@ module "ecs" { # do not force a new deployment unless the image digest has changed force_new_deployment = false - # wait for service to reach steady state - wait_for_steady_state = true + # # wait for service to reach steady state + # wait_for_steady_state = true # Container definition(s) container_definitions = local.container_definitions diff --git a/deploy/tf/variables.tf b/deploy/tf/variables.tf index 1b329ae7..f39919d1 100644 --- a/deploy/tf/variables.tf +++ b/deploy/tf/variables.tf 
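Review bot: In the `deploy/tf/ecs.tf` hunk `@@ -5,11 +5,7 @@`, replacing the `startswith(var.image, "sha256")` branch with a fixed `:${var.ecr_tag}` form removes the only way to deploy by digest, and the `variables.tf` hunk of the same commit defaults `ecr_tag` to `latest`. The context line `force_new_deployment = false` sits under a comment saying a new deployment happens only when the image digest changes. With a constant tag the rendered image string presumably never changes, so a newly pushed image may not be rolled out and the running task is not tied to a known build. Consider keeping a digest form next to the tag through an optional variable (the name here is a suggestion): `image = var.image_digest != "" ? "${var.ecr_registry}/${var.ecr_repository}@${var.image_digest}" : "${var.ecr_registry}/${var.ecr_repository}:${var.ecr_tag}"`. The `locals` block starts and ends outside this hunk.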
@@ -46,15 +46,15 @@ variable "ecr_repository" { type = string } -variable "environment" { - description = "Environment name to prepend/append to resource names" +variable "ecr_tag" { + description = "The repo tag" type = string + default = "latest" } -variable "image" { - description = "The digest/tag of the docker image to pull from ECR" +variable "environment" { + description = "Environment name to prepend/append to resource names" type = string - default = "ogcapi:latest" } variable "memory" { From a8a4216a26fd0aaca60c80dfc88a5d2350a0f88d Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 16:06:48 +1100 Subject: [PATCH 11/14] mvp-cicd: trigger MVP deploy cicd rev #2 --- deploy/github/development.env | 4 +++- deploy/tg/localdeploy.env | 11 +++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/deploy/github/development.env b/deploy/github/development.env index cbaacf46..1d56e001 100644 --- a/deploy/github/development.env +++ b/deploy/github/development.env @@ -1,7 +1,6 @@ # General environment variables for terragrunt ALB_PARAMETER_NAME=shared-alb-devops-melbourne -APP_NAME=ogcapi-java AWS_ACCOUNT_ID=450356697252 AWS_REGION=ap-southeast-4 ECR_REGISTRY=450356697252.dkr.ecr.ap-southeast-4.amazonaws.com @@ -9,5 +8,8 @@ ECR_REPOSITORY=ogcapi-java ENVIRONMENT=tfintegration # App specific environment variables for terragrunt +APP_NAME=ogcapi-java +APP_HOST=http://localhost +APP_PORT=8081 ELASTIC_KEY=000000000000000000000000000000000000000000000000000== ELASTIC_URL=https://dev-discovery-index.es.ap-southeast-2.aws.found.io diff --git a/deploy/tg/localdeploy.env b/deploy/tg/localdeploy.env index 6cae91c9..abc4cf38 100644 --- a/deploy/tg/localdeploy.env +++ b/deploy/tg/localdeploy.env 
@@ -3,12 +3,11 @@ export AWS_ACCOUNT_ID=$AWS_ACCOUNT export ENVIRONMENT="tfintegration" export ALB_PARAMETER_NAME="shared-alb-devops-melbourne" -export APP_CONTAINER_NAME="ogcapi-java-container" - -export APP_NAME="ogcapi-java" - -export APP_PORT=80 -export APP_HOSTNAMES="turd" export ECR_REGISTRY="450356697252.dkr.ecr.ap-southeast-4.amazonaws.com" export ECR_REPOSITORY="ogcapi-java" + +export APP_CONTAINER_NAME="ogcapi-java-container" +export APP_NAME="ogcapi-java" +export APP_PORT=8081 +export APP_HOST="http://localhost" From 817ac12b6a18c41f14f9820fa461325e8aba74da Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 16:22:36 +1100 Subject: [PATCH 12/14] mvp-cicd: trigger MVP deploy cicd rev #3 --- deploy/tf/variables.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy/tf/variables.tf b/deploy/tf/variables.tf index f39919d1..7a4ec81c 100644 --- a/deploy/tf/variables.tf +++ b/deploy/tf/variables.tf @@ -6,7 +6,6 @@ variable "alb_parameter_name" { variable "app_container_name" { description = "The name of the primary application container" type = string - default = "ogcapi-java-container" } variable "app_name" { @@ -17,7 +16,6 @@ variable "app_name" { variable "app_port" { description = "The port to the application container." type = number - default = 3456 } variable "app_hostnames" { From e9a2a07f0a24ff84dec69b7fa9bace82a65844d9 Mon Sep 17 00:00:00 2001 From: "Stewart Baillie (DevOps)" Date: Mon, 18 Dec 2023 16:33:19 +1100 Subject: [PATCH 13/14] mvp-cicd: trigger MVP deploy cicd rev #4 --- deploy/tg/terragrunt.hcl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deploy/tg/terragrunt.hcl b/deploy/tg/terragrunt.hcl index 21f81b0f..f2c02438 100644 --- a/deploy/tg/terragrunt.hcl +++ b/deploy/tg/terragrunt.hcl @@ -18,6 +18,9 @@ inputs = { ecr_registry = get_env("ECR_REGISTRY") ecr_repository = get_env("ECR_REPOSITORY") + + app_container_name = get_env("APP_CONTAINER_NAME") + app_port = get_env("APP_PORT") } locals { 
From c0da6b34a1a9ee70ec3ecb60bbd103ff5b395fea Mon Sep 17 00:00:00 2001
From: "Stewart Baillie (DevOps)"
Date: Mon, 18 Dec 2023 16:57:42 +1100
Subject: [PATCH 14/14] mvp-cicd: trigger MVP deploy cicd rev #5
---
deploy/container/vars.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/deploy/container/vars.yaml b/deploy/container/vars.yaml
index a351e71a..34939d13 100644
--- a/deploy/container/vars.yaml
+++ b/deploy/container/vars.yaml
@@ -1,2 +1,4 @@
-allowed_hosts: "*"
-allowed_cidr_nets: "0.0.0.0/0"
+HOST: http://localhost
+PORT: 8081
+ELASTIC_KEY: U3lLRDlZc0J1S0QtWFFCaXd1SnI6ektlOU5fNTNRcHVBZlpJMHVRWTlmUQ==
+ELASTIC_URL: https://dev-discovery-index.es.ap-southeast-2.aws.found.io
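Review bot: `ELASTIC_KEY` is added with what looks like a live API key in plain text, in a file tracked by git. Treat the value as compromised: revoke and reissue it on the Elasticsearch side, since removing it in a later commit leaves it in the history. The file should carry only a reference, e.g. `ELASTIC_KEY: <injected-from-secret-store>`, with the value injected at deploy time from a secret store. The series already adds `deploy/tf/get-parameters.tf`, which may be the natural place to read it. Quoting `PORT: "8081"` would also keep it a string if the consumer expects environment-style values.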