From ba2ee3fa93f8c8359d480af3f76c5252ad1795d9 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Tue, 10 Mar 2026 12:28:09 +0100 Subject: [PATCH] add environment_variable to set docker image tag ENV_LABEL environment variable sets the ooniapi docker image tag in each Makefile. This builds docker images tagged with :dev for deployment from the dev environment, so that images built in a deploy to dev or prod are distinct. --- tf/environments/dev/main.tf | 20 +++++++++++++------ tf/environments/prod/main.tf | 8 ++++++++ tf/modules/ooni_docker_build/main.tf | 6 ++++++ tf/modules/ooni_docker_build/variables.tf | 7 ++++++- tf/modules/ooniapi_service_deployer/main.tf | 6 ++++++ .../ooniapi_service_deployer/variables.tf | 4 ++++ 6 files changed, 44 insertions(+), 7 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 7041dccc..416e6f44 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -555,6 +555,7 @@ module "ooniapi_ooniprobe_deployer" { service_name = "ooniprobe" repo = "ooni/backend" branch_name = "test-userauth" + environment = local.environment trigger_path = "ooniapi/services/ooniprobe/**" buildspec_path = "ooniapi/services/ooniprobe/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -576,7 +577,7 @@ module "ooniapi_ooniprobe" { vpc_id = module.network.vpc_id service_name = "ooniprobe" - default_docker_image_url = "ooni/api-ooniprobe:latest" + default_docker_image_url = "ooni/api-ooniprobe:dev" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -629,6 +630,7 @@ module "ooniapi_reverseproxy_deployer" { service_name = "reverseproxy" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/reverseproxy/**" buildspec_path = "ooniapi/services/reverseproxy/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -650,7 +652,7 @@ module "ooniapi_reverseproxy" { vpc_id = module.network.vpc_id service_name = "reverseproxy" - default_docker_image_url = "ooni/api-reverseproxy:latest" + default_docker_image_url = "ooni/api-reverseproxy:dev" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -902,6 +904,7 @@ module "fastpath_builder" { service_name = "fastpath" repo = "ooni/backend" branch_name = "master" + environment = local.environment buildspec_path = "fastpath/buildspec.yml" trigger_path = "fastpath/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -919,6 +922,7 @@ module "ooniapi_oonirun_deployer" { service_name = "oonirun" repo = "ooni/backend" branch_name = "oonirun-v2-1" + environment = local.environment buildspec_path = "ooniapi/services/oonirun/buildspec.yml" trigger_path = "ooniapi/services/oonirun/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -937,7 +941,7 @@ module "ooniapi_oonirun" { vpc_id = module.network.vpc_id service_name = "oonirun" - default_docker_image_url = "ooni/api-oonirun:latest" + default_docker_image_url = "ooni/api-oonirun:dev" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -968,6 +972,7 @@ module "ooniapi_oonifindings_deployer" { service_name = "oonifindings" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/oonifindings/**" buildspec_path = "ooniapi/services/oonifindings/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -986,7 +991,7 @@ module "ooniapi_oonifindings" { vpc_id = module.network.vpc_id service_name = "oonifindings" - default_docker_image_url = "ooni/api-oonifindings:latest" + default_docker_image_url = "ooni/api-oonifindings:dev" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -1018,6 +1023,7 @@ module "ooniapi_ooniauth_deployer" { service_name = "ooniauth" repo = "ooni/backend" branch_name = "master" + environment = local.environment buildspec_path = "ooniapi/services/ooniauth/buildspec.yml" trigger_path = "ooniapi/services/ooniauth/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -1036,7 +1042,7 @@ module "ooniapi_ooniauth" { vpc_id = module.network.vpc_id service_name = "ooniauth" - default_docker_image_url = "ooni/api-ooniauth:latest" + default_docker_image_url = "ooni/api-ooniauth:dev" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -1086,6 +1092,7 @@ module "ooniapi_oonimeasurements_deployer" { service_name = "oonimeasurements" repo = "ooni/backend" branch_name = "event-detector" + environment = local.environment trigger_path = "ooniapi/services/oonimeasurements/**" buildspec_path = "ooniapi/services/oonimeasurements/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -1105,7 +1112,7 @@ module "ooniapi_oonimeasurements" { vpc_id = module.network.vpc_id service_name = "oonimeasurements" - default_docker_image_url = "ooni/api-oonimeasurements:latest" + default_docker_image_url = "ooni/api-oonimeasurements:dev" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -1230,6 +1237,7 @@ module "testlists_builder" { service_name = "testlists" repo = "ooni/backend" branch_name = "master" + environment = local.environment buildspec_path = "ooniapi/services/testlists/buildspec.yml" trigger_path = "ooniapi/services/testlists/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf index a3e41a8e..17bfd636 100644 --- a/tf/environments/prod/main.tf +++ b/tf/environments/prod/main.tf @@ -426,6 +426,7 @@ module "ooniapi_reverseproxy_deployer" { service_name = "reverseproxy" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/reverseproxy/**" buildspec_path = "ooniapi/services/reverseproxy/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -778,6 +779,7 @@ module "ooniapi_ooniprobe_deployer" { service_name = "ooniprobe" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/ooniprobe/**" buildspec_path = "ooniapi/services/ooniprobe/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -927,6 +929,7 @@ module "fastpath_builder" { service_name = "fastpath" repo = "ooni/backend" branch_name = "master" + environment = local.environment buildspec_path = "fastpath/buildspec.yml" trigger_path = "fastpath/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -945,6 +948,7 @@ module "ooniapi_oonirun_deployer" { service_name = "oonirun" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/oonirun/**" buildspec_path = "ooniapi/services/oonirun/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -994,6 +998,7 @@ module "ooniapi_oonifindings_deployer" { service_name = "oonifindings" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/oonifindings/**" buildspec_path = "ooniapi/services/oonifindings/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -1044,6 +1049,7 @@ module "ooniapi_ooniauth_deployer" { service_name = "ooniauth" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/ooniauth/**" buildspec_path = "ooniapi/services/ooniauth/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -1113,6 +1119,7 @@ module "ooniapi_oonimeasurements_deployer" { service_name = "oonimeasurements" repo = "ooni/backend" branch_name = "master" + environment = local.environment trigger_path = "ooniapi/services/oonimeasurements/**" buildspec_path = "ooniapi/services/oonimeasurements/buildspec.yml" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn @@ -1263,6 +1270,7 @@ module "testlists_builder" { service_name = "testlists" repo = "ooni/backend" branch_name = "master" + environment = local.environment buildspec_path = "ooniapi/services/testlists/buildspec.yml" trigger_path = "ooniapi/services/testlists/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn diff --git a/tf/modules/ooni_docker_build/main.tf b/tf/modules/ooni_docker_build/main.tf index b2c3d741..f157f37a 100644 --- a/tf/modules/ooni_docker_build/main.tf +++ b/tf/modules/ooni_docker_build/main.tf @@ -4,6 +4,7 @@ data "aws_caller_identity" "current" {} locals { account_id = data.aws_caller_identity.current.account_id + env_label = var.environment == "prod" ? "latest" : "dev" } resource "aws_iam_policy" "codebuild" { @@ -122,6 +123,11 @@ resource "aws_codebuild_project" "oonidkr" { image_pull_credentials_type = "CODEBUILD" privileged_mode = "true" type = "LINUX_CONTAINER" + + environment_variable { + name = "ENV_LABEL" + value = local.env_label + } } logs_config { diff --git a/tf/modules/ooni_docker_build/variables.tf b/tf/modules/ooni_docker_build/variables.tf index 53edc7e2..4383eb52 100644 --- a/tf/modules/ooni_docker_build/variables.tf +++ b/tf/modules/ooni_docker_build/variables.tf @@ -36,4 +36,9 @@ variable "ecs_cluster_name" { variable "trigger_path" { description = "path filter for push changes which trigger the codepipeline eg. ooniapi/services/oonirun/**" -} \ No newline at end of file +} + +variable "environment" { + description = "Deployment environment (e.g., prod, dev)" + type = string +} diff --git a/tf/modules/ooniapi_service_deployer/main.tf b/tf/modules/ooniapi_service_deployer/main.tf index 5f2624ab..25af61e3 100755 --- a/tf/modules/ooniapi_service_deployer/main.tf +++ b/tf/modules/ooniapi_service_deployer/main.tf @@ -4,6 +4,7 @@ data "aws_caller_identity" "current" {} locals { account_id = data.aws_caller_identity.current.account_id + env_label = var.environment == "prod" ? "latest" : "dev" } resource "aws_iam_policy" "codebuild" { @@ -122,6 +123,11 @@ resource "aws_codebuild_project" "ooniapi" { image_pull_credentials_type = "CODEBUILD" privileged_mode = "true" type = "LINUX_CONTAINER" + + environment_variable { + name = "ENV_LABEL" + value = local.env_label + } } logs_config { diff --git a/tf/modules/ooniapi_service_deployer/variables.tf b/tf/modules/ooniapi_service_deployer/variables.tf index f35a57bc..73e0dc7e 100644 --- a/tf/modules/ooniapi_service_deployer/variables.tf +++ b/tf/modules/ooniapi_service_deployer/variables.tf @@ -38,3 +38,7 @@ variable "ecs_service_name" { description = "id of the service in the cluster to deploy" } +variable "environment" { + description = "Deployment environment (e.g., prod, dev)" + type = string +}