Merge pull request #61 from bnc-projects/jdk13-updates

Bhavik Kumar · web-flow · commit f2797079b37f · 2019-11-18T16:34:03.000+13:00
Update to use JDK 13 and latest TF modules for deployment
diff --git a/.travis.yml b/.travis.yml
@@ -1,7 +1,7 @@
 language: java
 jdk:
-- openjdk11
-dist: xenial
+- openjdk13
+dist: bionic
 env:
   global:
   - TF_IN_AUTOMATION=1
diff --git a/build.gradle b/build.gradle
@@ -2,8 +2,8 @@ plugins {
     id 'eclipse'
     id 'idea'
     id "org.sonarqube" version "2.8" apply false
-    id "com.github.spotbugs" version "2.0.0" apply false
-    id "com.bnc.gradle.travis-ci-versioner" version "1.0.6"
+    id "com.github.spotbugs" version "2.0.1" apply false
+    id "com.bnc.gradle.travis-ci-versioner" version "1.1.0"
 }
 
 ext {
@@ -25,8 +25,8 @@ allprojects {
     apply plugin: 'org.sonarqube'
 
     group = 'com.bnc'
-    sourceCompatibility = JavaVersion.VERSION_11
-    targetCompatibility = JavaVersion.VERSION_11
+    sourceCompatibility = JavaVersion.VERSION_13
+    targetCompatibility = JavaVersion.VERSION_13
     compileJava.options.encoding = "UTF-8"
     compileTestJava.options.encoding = "UTF-8"
 
@@ -50,7 +50,7 @@ allprojects {
     }
 
     spotbugs {
-        toolVersion = '3.1.12'
+        toolVersion = '4.0.0-beta4'
         tasks.withType(com.github.spotbugs.SpotBugsTask) {
             reports {
                 xml.enabled = false
@@ -60,7 +60,7 @@ allprojects {
     }
 
     jacoco {
-        toolVersion = "0.8.4"
+        toolVersion = "0.8.5"
     }
 
     checkstyle {
@@ -81,10 +81,10 @@ allprojects {
     }
 
     dependencies {
-        implementation group: 'com.bnc', name: 'market-data-api', version: '0.0.8'
+        implementation group: 'com.bnc', name: 'market-data-api', version: '0.1.9'
 
         testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter', version: '5.5.2'
-        testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.13.2'
+        testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.14.0'
         testImplementation group: 'org.mockito', name: 'mockito-core', version: '3.1.0'
         testImplementation group: 'org.mockito', name: 'mockito-junit-jupiter', version: '3.1.0'
     }
diff --git a/deployment/terraform/ecr/ecr.tf b/deployment/terraform/ecr/ecr.tf
@@ -1,5 +1,5 @@
 module "ecr" {
-  source = "git::https://github.com/bnc-projects/terraform-aws-ecr.git?ref=1.1.0"
+  source = "git::https://github.com/bnc-projects/terraform-aws-ecr.git?ref=1.1.1"
   allowed_read_principals = [
     data.terraform_remote_state.bnc_ops.outputs.bnc_account_ids["market_data_development"],
     data.terraform_remote_state.bnc_ops.outputs.bnc_account_ids["market_data_production"],
diff --git a/deployment/terraform/ecr/main.tf b/deployment/terraform/ecr/main.tf
@@ -15,7 +15,7 @@ locals {
 
 provider "aws" {
   region  = var.aws_default_region
-  version = "~> 2.11.0"
+  version = "~> 2.36.0"
   profile = var.profile
 
   allowed_account_ids = [
diff --git a/deployment/terraform/ecs-service/ecs.tf b/deployment/terraform/ecs-service/ecs.tf
@@ -1,23 +1,107 @@
-module "ecs_service" {
-  source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.1.0"
-  alarm_actions = [
-    data.terraform_remote_state.market_data.outputs.alert_topic_arn
+data "aws_iam_policy_document" "task_service_assume_role" {
+  statement {
+    sid    = "AllowECSTaskToAssumeRole"
+    effect = "Allow"
+
+    actions = [
+      "sts:AssumeRole"
+    ]
+
+    principals {
+      type        = "Service"
+      identifiers = [
+        "ecs-tasks.amazonaws.com"
+      ]
+    }
+  }
+}
+
+data "aws_iam_policy" "execution_policy" {
+  arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+module "container_definition" {
+  source            = "git::https://github.com/bnc-projects/terraform-ecs-container-definition.git?ref=1.0.0"
+  environment       = [
+    {
+      name  = "SPRING_PROFILES_ACTIVE",
+      value = terraform.workspace
+    }
+  ]
+  healthCheck       = {
+    "command"     = [
+      "CMD-SHELL",
+      "curl --silent --fail --max-time 30 http://localhost:8080/actuator/health || exit 1"
+    ],
+    "interval"    = 30,
+    "retries"     = 3,
+    "startPeriod" = 300,
+    "timeout": 5
+  }
+  logConfiguration  = {
+    "logDriver": "splunk",
+    "options": {
+      "splunk-format": "raw",
+      "splunk-insecureskipverify": "true",
+      "splunk-token": var.splunk_token,
+      "splunk-url": var.splunk_url
+    }
+  }
+  image             = format("%s:%s", data.terraform_remote_state.ecr.outputs.repository_url, var.service_version)
+  name              = var.service_name
+  cpu               = var.cpu
+  memory            = var.memory
+  memoryReservation = var.memory_reservation
+  portMappings      = [
+    {
+      containerPort = 8080
+      hostPort      = 8080,
+      protocol      = "tcp"
+    }
   ]
-  application_path         = "/sbjb"
-  cluster_name             = data.terraform_remote_state.market_data.outputs.ecs_cluster_name
-  docker_image             = format("%s:%s", data.terraform_remote_state.ecr.outputs.repository_url, var.service_version)
+}
+
+resource "aws_iam_role" "execution_task_role" {
+  name               = format("%s-execution", var.service_name)
+  assume_role_policy = data.aws_iam_policy_document.task_service_assume_role.json
+  tags               = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_task_default_policy" {
+  role       = aws_iam_role.execution_task_role.name
+  policy_arn = data.aws_iam_policy.execution_policy.arn
+}
+
+resource "aws_iam_role" "task_role" {
+  name               = format("%s-task", var.service_name)
+  assume_role_policy = data.aws_iam_policy_document.task_service_assume_role.json
+  tags               = var.tags
+}
+
+resource "aws_ecs_task_definition" "task_definition" {
+  container_definitions = "[${module.container_definition.container_definition}]"
+  family                = var.service_name
+  cpu                   = var.cpu
+  memory                = var.memory
+  execution_role_arn    = aws_iam_role.execution_task_role.arn
+  task_role_arn         = aws_iam_role.task_role.arn
+  tags                  = merge(local.common_tags, var.tags)
+}
+
+module "ecs_service" {
+  source                   = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.3.2"
+  application_path         = "/v1/sbjb"
+  attach_load_balancer     = true
+  cluster                  = data.terraform_remote_state.market_data.outputs.ecs_cluster_name
   external_lb_listener_arn = data.terraform_remote_state.market_data.outputs.external_lb_https_listener_arn
   external_lb_name         = data.terraform_remote_state.market_data.outputs.external_lb_name
+  healthcheck_path         = "/actuator/health"
   internal_lb_listener_arn = data.terraform_remote_state.market_data.outputs.internal_lb_https_listener_arn
   internal_lb_name         = data.terraform_remote_state.market_data.outputs.internal_lb_name
-  java_options             = format("-javaagent:newrelic/newrelic.jar -Dnewrelic.environment=%s -Dnewrelic.config.file=newrelic/newrelic.yml", terraform.workspace)
   is_exposed_externally    = false
-  priority                 = 50
+  priority                 = 53
   service_name             = var.service_name
-  splunk_token             = var.splunk_token
-  splunk_url               = var.splunk_url
-  spring_profile           = terraform.workspace
+  task_definition_arn      = aws_ecs_task_definition.task_definition.arn
   vpc_id                   = data.terraform_remote_state.market_data.outputs.vpc_id
   tags                     = merge(local.common_tags, var.tags)
 }
-
diff --git a/deployment/terraform/ecs-service/main.tf b/deployment/terraform/ecs-service/main.tf
@@ -16,7 +16,7 @@ locals {
 
 provider "aws" {
   region  = var.aws_default_region
-  version = "~> 2.11.0"
+  version = "~> 2.36.0"
   profile = var.profile
 
   allowed_account_ids = [
diff --git a/deployment/terraform/ecs-service/variables.tf b/deployment/terraform/ecs-service/variables.tf
@@ -3,6 +3,24 @@ variable "aws_default_region" {
   default = "us-west-2"
 }
 
+variable "cpu" {
+  type        = number
+  default     = 128
+  description = "The CPU limit for the task and container."
+}
+
+variable "memory" {
+  type        = number
+  default     = 512
+  description = "The hard memory limit for the task and container"
+}
+
+variable "memory_reservation" {
+  type        = number
+  default     = 512
+  description = "The soft memory limit for the task and container"
+}
+
 variable "profile" {
   type    = string
   default = "default"
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.0-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/service/Dockerfile b/service/Dockerfile
@@ -1,16 +1,13 @@
-FROM openjdk:11.0.4-jre-slim
+FROM adoptopenjdk:13-jre-hotspot
 
-ARG JAR_FILE
-
-RUN  apt-get update && apt-get install -y wget
-RUN mkdir newrelic && wget https://download.newrelic.com/newrelic/java-agent/newrelic-agent/5.3.0/newrelic-agent-5.3.0.jar -O newrelic/newrelic.jar
-
-COPY newrelic.yml newrelic/newrelic.yml
-COPY ${JAR_FILE} app.jar
+RUN groupadd -g 999 appuser && useradd -r -u 999 -g appuser appuser
+USER appuser
 
 EXPOSE 8080
 
 ENTRYPOINT exec java -XX:MaxRAMPercentage=80 -XX:+AlwaysPreTouch -XX:+UseStringDeduplication -Djava.security.egd=file:/dev/./urandom $JAVA_OPTS -jar app.jar
 
 HEALTHCHECK --start-period=300s \
-  CMD wget --quiet --tries=1 --spider --timeout=30 http://localhost:8080/actuator/health || exit 1
+  CMD curl --silent --fail --max-time 30 http://localhost:8080/actuator/health || exit 1
+
+COPY *.jar app.jar
diff --git a/service/build.gradle b/service/build.gradle
@@ -1,8 +1,8 @@
 plugins {
-    id "org.springframework.boot" version "2.1.9.RELEASE"
+    id "org.springframework.boot" version "2.2.1.RELEASE"
     id "io.spring.dependency-management" version "1.0.8.RELEASE"
     id "com.palantir.docker" version "0.22.1"
-    id "com.gorylenko.gradle-git-properties" version "2.0.0"
+    id "com.gorylenko.gradle-git-properties" version "2.2.0"
 }
 
 jar {
@@ -32,15 +32,14 @@ if (!project.hasProperty("TAG")) {
 docker {
     name "${REPOSITORY_URI}:latest"
     tag "version", "${REPOSITORY_URI}:${TAG}"
-    files bootJar.archiveFile.getOrNull(), "${project.projectDir.absolutePath}/config/newrelic/newrelic.yml"
-    buildArgs(['JAR_FILE': "${bootJar.archiveFileName.getOrNull()}"])
+    files bootJar.archiveFile.getOrNull()
 }
 
 dependencies {
     implementation project(':client')
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
-    implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-sleuth', version: '2.1.4.RELEASE'
-    implementation group: 'io.micrometer', name: 'micrometer-registry-new-relic', version: '1.3.0'
+    implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-sleuth', version: '2.1.5.RELEASE'
+    implementation group: 'io.micrometer', name: 'micrometer-registry-new-relic', version: '1.3.1'
     testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test'
 }
diff --git a/service/config/newrelic/newrelic.yml b/service/config/newrelic/newrelic.yml
