diff --git a/.github/workflows/_deploy_lambda.yml b/.github/workflows/_deploy_lambda.yml index 528300f8..51024bd4 100644 --- a/.github/workflows/_deploy_lambda.yml +++ b/.github/workflows/_deploy_lambda.yml @@ -42,6 +42,34 @@ on: required: true AWS_REGION: required: true + TF_VAR_api_key: + required: false + TF_VAR_secret_key: + required: false + TF_VAR_domain_name: + required: false + TF_VAR_epc_auth_token: + required: false + TF_VAR_google_solar_api_key: + required: false + TF_VAR_plan_trigger_bucket: + required: false + TF_VAR_data_bucket: + required: false + TF_VAR_predictions_bucket: + required: false + TF_VAR_sap_predictions_bucket: + required: false + TF_VAR_carbon_predictions_bucket: + required: false + TF_VAR_heat_predictions_bucket: + required: false + TF_VAR_heating_kwh_predictions_bucket: + required: false + TF_VAR_hotwater_kwh_predictions_bucket: + required: false + TF_VAR_energy_assessments_bucket: + required: false jobs: deploy: 
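Review bot: Every new secret is `required: false`, but the matching Terraform variables added in variables.tf in this diff have no `default`, so a caller that omits one makes `${{ secrets.X }}` expand to an empty string and Terraform accepts `TF_VAR_x=""` as a valid value; the Lambda is then deployed with an empty API key or bucket name instead of the run failing. Mark the secrets the module cannot work without as `required: true`, or reject empty strings with a `validation` block on the Terraform side. Separately, the bucket names and `TF_VAR_domain_name` are configuration rather than credentials: anything passed through `secrets:` is masked in the job log, so the plan output will show `***` where a bucket name belongs, which makes plan review harder; declaring those under `inputs:` instead keeps masking for the real keys only. The `secrets:` block begins before this hunk.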
@@ -90,6 +118,21 @@ jobs: - name: Terraform Plan working-directory: ${{ inputs.lambda_path }} + env: + TF_VAR_api_key: ${{ secrets.TF_VAR_api_key }} + TF_VAR_secret_key: ${{ secrets.TF_VAR_secret_key }} + TF_VAR_domain_name: ${{ secrets.TF_VAR_domain_name }} + TF_VAR_epc_auth_token: ${{ secrets.TF_VAR_epc_auth_token }} + TF_VAR_google_solar_api_key: ${{ secrets.TF_VAR_google_solar_api_key }} + TF_VAR_plan_trigger_bucket: ${{ secrets.TF_VAR_plan_trigger_bucket }} + TF_VAR_data_bucket: ${{ secrets.TF_VAR_data_bucket }} + TF_VAR_predictions_bucket: ${{ secrets.TF_VAR_predictions_bucket }} + TF_VAR_sap_predictions_bucket: ${{ secrets.TF_VAR_sap_predictions_bucket }} + TF_VAR_carbon_predictions_bucket: ${{ secrets.TF_VAR_carbon_predictions_bucket }} + TF_VAR_heat_predictions_bucket: ${{ secrets.TF_VAR_heat_predictions_bucket }} + TF_VAR_heating_kwh_predictions_bucket: ${{ secrets.TF_VAR_heating_kwh_predictions_bucket }} + TF_VAR_hotwater_kwh_predictions_bucket: ${{ secrets.TF_VAR_hotwater_kwh_predictions_bucket }} + TF_VAR_energy_assessments_bucket: ${{ secrets.TF_VAR_energy_assessments_bucket }} run: | terraform plan \ -var="stage=${{ inputs.stage }}" \ 
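Review bot: The same fourteen `TF_VAR_*` lines are pasted into the Terraform Plan step here and again into the Terraform Destroy step in the next hunk, so every future variable has to be added in two places and the two steps can silently diverge. Moving the block to a job-level `env:` on the `deploy` job gives every `terraform` step identical values from one definition. That also covers the Terraform Apply step that the `if:` on the Destroy step implies exists between these two hunks and that this diff does not touch; if it runs `terraform apply` without these variables, Terraform will stop on the newly added variables that have no default. The `deploy` job starts before this hunk.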
@@ -106,10 +149,24 @@ jobs: - name: Terraform Destroy if: inputs.terraform_destroy == 'true' && inputs.terraform_apply != 'true' working-directory: ${{ inputs.lambda_path }} + env: + TF_VAR_api_key: ${{ secrets.TF_VAR_api_key }} + TF_VAR_secret_key: ${{ secrets.TF_VAR_secret_key }} + TF_VAR_domain_name: ${{ secrets.TF_VAR_domain_name }} + TF_VAR_epc_auth_token: ${{ secrets.TF_VAR_epc_auth_token }} + TF_VAR_google_solar_api_key: ${{ secrets.TF_VAR_google_solar_api_key }} + TF_VAR_plan_trigger_bucket: ${{ secrets.TF_VAR_plan_trigger_bucket }} + TF_VAR_data_bucket: ${{ secrets.TF_VAR_data_bucket }} + TF_VAR_predictions_bucket: ${{ secrets.TF_VAR_predictions_bucket }} + TF_VAR_sap_predictions_bucket: ${{ secrets.TF_VAR_sap_predictions_bucket }} + TF_VAR_carbon_predictions_bucket: ${{ secrets.TF_VAR_carbon_predictions_bucket }} + TF_VAR_heat_predictions_bucket: ${{ secrets.TF_VAR_heat_predictions_bucket }} + TF_VAR_heating_kwh_predictions_bucket: ${{ secrets.TF_VAR_heating_kwh_predictions_bucket }} + TF_VAR_hotwater_kwh_predictions_bucket: ${{ secrets.TF_VAR_hotwater_kwh_predictions_bucket }} + TF_VAR_energy_assessments_bucket: ${{ secrets.TF_VAR_energy_assessments_bucket }} run: | terraform destroy -auto-approve \ -var="stage=${{ inputs.stage }}" \ -var="lambda_name=${{ inputs.lambda_name }}" \ -var="ecr_repo_url=${{ steps.repo.outputs.ecr_repo_url }}" \ -var="image_digest=${{ inputs.image_digest }}" - diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml index 4c9ce44a..4b0adbac 100644 --- a/.github/workflows/deploy_terraform.yml +++ b/.github/workflows/deploy_terraform.yml 
@@ -241,4 +241,45 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} AWS_REGION: ${{ secrets.DEV_AWS_REGION }} + # ============================================================ + # Ara Engine image and Push + # ============================================================ + ara_engine_image: + needs: [determine_stage, shared_terraform] + uses: ./.github/workflows/_build_image.yml + with: + ecr_repo: engine-${{ needs.determine_stage.outputs.stage }} + dockerfile_path: backend/docker/engine.Dockerfile + build_context: . + # ============================================================ + # Deploy Categorisation Lambda + # ============================================================ + ara_engine_lambda: + needs: [ara_engine_image, determine_stage] + uses: ./.github/workflows/_deploy_lambda.yml + with: + lambda_name: ara_engine + lambda_path: infrastructure/terraform/lambda/engine + stage: ${{ needs.determine_stage.outputs.stage }} + ecr_repo: engine-${{ needs.determine_stage.outputs.stage }} + image_digest: ${{ needs.ara_engine_image.outputs.image_digest }} + terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }} + secrets: + AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ secrets.DEV_AWS_REGION }} + TF_VAR_api_key: ${{ secrets.DEV_API_KEY }} + TF_VAR_secret_key: ${{ secrets.DEV_SECRET_KEY }} + TF_VAR_domain_name: ${{ secrets.DEV_DOMAIN_NAME }} + TF_VAR_epc_auth_token: ${{ secrets.DEV_EPC_AUTH_TOKEN }} + TF_VAR_google_solar_api_key: ${{ secrets.DEV_GOOGLE_SOLAR_API_KEY }} + TF_VAR_plan_trigger_bucket: ${{ secrets.DEV_PLAN_TRIGGER_BUCKET }} + TF_VAR_data_bucket: ${{ secrets.DEV_DATA_BUCKET }} + TF_VAR_predictions_bucket: ${{ secrets.DEV_PREDICTIONS_BUCKET }} + TF_VAR_sap_predictions_bucket: ${{ secrets.DEV_SAP_PREDICTIONS_BUCKET }} + TF_VAR_carbon_predictions_bucket: ${{ secrets.DEV_CARBON_PREDICTIONS_BUCKET }} + TF_VAR_heat_predictions_bucket: 
${{ secrets.DEV_HEAT_PREDICTIONS_BUCKET }} + TF_VAR_heating_kwh_predictions_bucket: ${{ secrets.DEV_HEATING_KWH_PREDICTIONS_BUCKET }} + TF_VAR_hotwater_kwh_predictions_bucket: ${{ secrets.DEV_HOTWATER_KWH_PREDICTIONS_BUCKET }} + TF_VAR_energy_assessments_bucket: ${{ secrets.DEV_ENERGY_ASSESSMENTS_BUCKET }} \ No newline at end of file diff --git a/infrastructure/terraform/lambda/engine/main.tf b/infrastructure/terraform/lambda/engine/main.tf index c1cff8a3..f9cb4f46 100644 --- a/infrastructure/terraform/lambda/engine/main.tf +++ b/infrastructure/terraform/lambda/engine/main.tf @@ -7,6 +7,15 @@ data "terraform_remote_state" "shared" { } } +data "aws_secretsmanager_secret_version" "db_credentials" { + secret_id = "${var.stage}/assessment_model/db_credentials" +} + +locals { + db_credentials = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string) +} + + module "lambda" { source = "../modules/lambda_with_sqs" 
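Review bot: The heading above `ara_engine_lambda` reads `# Deploy Categorisation Lambda`, which looks copied from another job; this job deploys the engine Lambda, so it should read `# Deploy Ara Engine Lambda`. The job also hard-codes `DEV_*` secrets while `stage` is computed by `determine_stage`; the context line above shows the existing jobs do the same, so it may be intentional, but a comment saying the workflow is dev-only would stop someone from passing another stage and silently deploying it with dev credentials. Bucket names and the domain name travel through `secrets:` and will therefore appear as `***` in the plan log; they would be clearer as `with:` inputs. The hunk also drops the file's trailing newline.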
@@ -18,8 +27,44 @@ module "lambda" { # Optional: Set maximum_concurrency to limit concurrent SQS-triggered invocations (2-1000) maximum_concurrency = var.maximum_concurrency - environment = { - STAGE = var.stage - LOG_LEVEL = "info" - } -} \ No newline at end of file + environment = merge( + { + STAGE = var.stage + LOG_LEVEL = "info" + + # DB from Secrets Manager + DB_USERNAME = local.db_credentials.db_assessment_model_username + DB_PASSWORD = local.db_credentials.db_assessment_model_password + + # Secrets from GitHub + DB_HOST = var.db_host + DB_NAME = var.db_name + DB_PORT = var.db_port + API_KEY = var.api_key + SECRET_KEY = var.secret_key + DOMAIN_NAME = var.domain_name + EPC_AUTH_TOKEN = var.epc_auth_token + GOOGLE_SOLAR_API_KEY = var.google_solar_api_key + + # Buckets + PLAN_TRIGGER_BUCKET = var.plan_trigger_bucket + DATA_BUCKET = var.data_bucket + PREDICTIONS_BUCKET = var.predictions_bucket + SAP_PREDICTIONS_BUCKET = var.sap_predictions_bucket + CARBON_PREDICTIONS_BUCKET = var.carbon_predictions_bucket + HEAT_PREDICTIONS_BUCKET = var.heat_predictions_bucket + HEATING_KWH_PREDICTIONS_BUCKET = var.heating_kwh_predictions_bucket + HOTWATER_KWH_PREDICTIONS_BUCKET = var.hotwater_kwh_predictions_bucket + ENERGY_ASSESSMENTS_BUCKET = var.energy_assessments_bucket + + # SQS + ENGINE_SQS_URL = module.lambda.sqs_queue_url + + # Deployment + ECR_URI = var.ecr_repo_url + GITHUB_SHA = var.image_digest + } + ) +} + +# Policies and IAM \ No newline at end of file diff --git a/infrastructure/terraform/lambda/engine/variables.tf b/infrastructure/terraform/lambda/engine/variables.tf index 503bf6c8..189cc848 100644 --- a/infrastructure/terraform/lambda/engine/variables.tf +++ b/infrastructure/terraform/lambda/engine/variables.tf 
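Review bot: The secret read by `data "aws_secretsmanager_secret_version" "db_credentials"` is decoded into `local.db_credentials` and, in the next hunk, placed into the Lambda environment, so the decoded username and password end up in plain text in the Terraform state; the backend holding that state needs encryption and tight access, and nothing in this file says so. The lookup happens at plan/apply time, so rotating the secret in Secrets Manager changes nothing until the next apply; a comment such as `# Resolved at apply time: a rotated secret is only picked up by the next apply` above the data block would record that. `secret_id` is built from `var.stage`, which ties the secret naming convention `<stage>/assessment_model/db_credentials` to this file without documenting it. The two consecutive added blank lines before `module "lambda"` are a formatting nit.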
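Review bot: `var.db_host`, `var.db_name` and `var.db_port` are referenced in the new environment map but are declared neither in the variables.tf hunk of this diff nor passed as `TF_VAR_*` by the workflow hunks; unless they are declared in the part of variables.tf outside the hunk, `terraform plan` fails with a reference to an undeclared input variable, and even if declared they arrive without a value. Wrapping the single map in `merge( { … } )` is a no-op; either drop `merge` or pass the secret-derived entries as a second argument so the grouping the comments describe is real. Putting `DB_PASSWORD` and the API keys into the function environment exposes them to anyone who can call `lambda:GetFunctionConfiguration` and records them in state; reading the secret at runtime (passing only its name) avoids that. `ENGINE_SQS_URL = module.lambda.sqs_queue_url` feeds a module output back into the same module's input, which Terraform resolves per resource, so it only works if nothing the queue depends on inside the module reads the environment map — worth confirming. `module "lambda"` starts before this hunk.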
@@ -23,10 +23,70 @@ variable "maximum_concurrency" { description = "Maximum number of concurrent Lambda invocations from SQS (2-1000). null = no limit." } +variable "api_key" { + type = string + sensitive = true +} + +variable "secret_key" { + type = string + sensitive = true +} + +variable "domain_name" { + type = string +} + +variable "epc_auth_token" { + type = string + sensitive = true +} + +variable "google_solar_api_key" { + type = string + sensitive = true +} + +variable "plan_trigger_bucket" { + type = string +} + +variable "data_bucket" { + type = string +} + +variable "predictions_bucket" { + type = string +} + +variable "sap_predictions_bucket" { + type = string +} + +variable "carbon_predictions_bucket" { + type = string +} + +variable "heat_predictions_bucket" { + type = string +} + +variable "heating_kwh_predictions_bucket" { + type = string +} + +variable "hotwater_kwh_predictions_bucket" { + type = string +} + +variable "energy_assessments_bucket" { + type = string +} + locals { image_uri = "${var.ecr_repo_url}@${var.image_digest}" } output "resolved_image_uri" { value = local.image_uri -} +} \ No newline at end of file
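Review bot: None of the fourteen new `variable` blocks carries a `description`, although `maximum_concurrency` just above shows the file's convention of documenting each input; and none has a `validation`, so the `required: false` secrets in the workflow can arrive as `""` and pass straight through to the Lambda environment. Adding a description naming the `TF_VAR_*` that supplies each value and a non-empty check makes a missing secret fail at plan time instead of at runtime. The hunk also turns the final `}` into a line without a trailing newline, which should be restored. The pattern below is for `api_key`; the other thirteen blocks follow it.

```hcl
variable "api_key" {
  type        = string
  sensitive   = true
  description = "Supplied by the deploy workflow as TF_VAR_api_key."
  validation {
    condition     = length(var.api_key) > 0
    error_message = "api_key must not be empty; check the TF_VAR_api_key secret."
  }
}
# … unchanged: the remaining thirteen variable blocks, same pattern …
```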