Add a build step to deploy to EKS

.gitlab-ci.yml

@@ -63,7 +63,7 @@ stages:
   - after_test
   - review
   - scan
-  - deploy_production
+  - deploy_eks
 
 workflow:
   rules:
@@ -604,21 +604,6 @@ stop-review-app:
     - if: $CI_PIPELINE_SOURCE != "merge_request_event"
       when: never
 
-deploy_production:
-  stage: deploy_production
-  allow_failure: true
-  needs:
-    - job: build-review-image
-  resource_group: $CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
-  extends: .deploy
-  environment:
-    name: production
-    deployment_tier: production
-    url: https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
-  rules:
-    - if: $CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"
-
-
 include:
   - template: Jobs/SAST.gitlab-ci.yml
   - template: Jobs/Dependency-Scanning.gitlab-ci.yml
@@ -867,3 +852,17 @@ audit_packages_scheduled:
       fi
   rules:
     - if: $CI_PIPELINE_SOURCE == "schedule"
+
+# EKS deployment
+deploy_eks:
+  trigger:
+    project: lg-public/identity-eks-control
+    # TODO change branch to main before merge
+    branch: lrappaport/deploy-eks
+  stage: deploy_eks
+  variables:
+    APP: idp
+    IMAGE_TAG: $CI_COMMIT_SHA
+  # TODO uncomment before merge, this is for testing on branch
+  # rules:
+  #   - if: $CI_COMMIT_BRANCH == "main"

config/application.yml.default

@@ -62,10 +62,12 @@ component_previews_enabled: false
 compromised_password_randomizer_threshold: 900
 compromised_password_randomizer_value: 1000
 country_phone_number_overrides: '{}'
+database_advisory_locks_enabled: false
 database_host: ''
 database_name: ''
 database_password: ''
 database_pool_idp: 5
+database_prepared_statements_enabled: false
 database_read_replica_host: ''
 database_readonly_password: ''
 database_readonly_username: ''

config/application.yml.default.docker

@@ -4,8 +4,10 @@ production:
   available_locales: 'en,es,fr,zh'
   asset_host: ['env', 'ASSET_HOST']
   component_previews_enabled: true
+  database_advisory_locks_enabled: false
   database_host: ['env', 'POSTGRES_HOST']
   database_name: ['env', 'POSTGRES_NAME']
+  database_prepared_statements_enabled: false
   database_password: ['env', 'POSTGRES_PASSWORD']
   database_sslmode: ['env', 'POSTGRES_SSLMODE']
   database_username: ['env', 'POSTGRES_USERNAME']

config/database.yml

@@ -86,8 +86,8 @@ production:
     host: <%= IdentityConfig.store.database_socket.present? ?  IdentityConfig.store.database_socket : IdentityConfig.store.database_host %>
     password: <%= IdentityConfig.store.database_password %>
     pool: <%= primary_pool %>
-    advisory_locks: <%= !IdentityConfig.store.database_socket.present? %>
-    prepared_statements: <%= !IdentityConfig.store.database_socket.present? %>
+    advisory_locks: <%= IdentityConfig.store.database_advisory_locks_enabled %>
+    prepared_statements: <%= IdentityConfig.store.database_prepared_statements_enabled %>
     sslmode: <%= IdentityConfig.store.database_sslmode %>
     sslrootcert: '/usr/local/share/aws/rds-combined-ca-bundle.pem'
     migrations_paths: db/primary_migrate

lib/identity_config.rb

@@ -81,10 +81,12 @@ def self.store
     config.add(:country_phone_number_overrides, type: :json)
     config.add(:dashboard_api_token, type: :string)
     config.add(:dashboard_url, type: :string)
+    config.add(:database_advisory_locks_enabled, type: :boolean)
     config.add(:database_host, type: :string)
     config.add(:database_name, type: :string)
     config.add(:database_password, type: :string)
     config.add(:database_pool_idp, type: :integer)
+    config.add(:database_prepared_statements_enabled, type: :boolean)
     config.add(:database_read_replica_host, type: :string)
     config.add(:database_readonly_password, type: :string)
     config.add(:database_readonly_username, type: :string)