DPC-5270: Updating dpc-app CodeBuild machine type#434
DPC-5270: Updating dpc-app CodeBuild machine type#434jscott-nava wants to merge 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Thank you @jscott-nava for this quick update! Tofu might not be picking up the changes since I manually updated our codebuild-dpc-app-non-prod to confirm my changes.
## 🎫 Ticket https://jira.cms.gov/browse/DPC-5270 ## 🛠 Changes <!-- What was added, updated, or removed in this PR? --> This change updates the "build and deploy" and "CI workflow" to allow our Java apps to use the new Arm64 AWS CodeBuilder runners and run on ECS Fargate Arm64 containers. This change should be merged in conjunction with the cdap and dpc-ops repo PRs: dpc-ops: CMSgov/dpc-ops#933 cdap: CMSgov/cdap#434 ## ℹ️ Context <!-- Why were these changes made? Add background context suitable for a non-technical audience. --> <!-- If any of the following security implications apply, this PR must not be merged without Stephen Walter's approval. Explain in this section and add @SJWalter11 as a reviewer. - Adds a new software dependency or dependencies. - Modifies or invalidates one or more of our security controls. - Stores or transmits data that was not stored or transmitted before. - Requires additional review of security implications for other reasons. --> This is part of the larger effort to switch all our service to arm64 and additional PR will be created to switch our Java services and other workflows to arm64 as well. Additional Tickets: https://jira.cms.gov/browse/DPC-5307 https://jira.cms.gov/browse/DPC-5315 https://jira.cms.gov/browse/DPC-5295 ## 🧪 Validation <!-- How were the changes verified? Did you fully test the acceptance criteria in the ticket? Provide reproducible testing instructions and screenshots if applicable. --> Successful deploy to test using the associated dpc-ops changes: https://github.com/CMSgov/dpc-app/actions/runs/23803848322 DPC CI Workflow success: https://github.com/CMSgov/dpc-app/actions/runs/23802974707
mianava
left a comment
mianava
left a comment
There was a problem hiding this comment.
I think we can honor the previously defined lifecycle management policy here and rely on changes made in the AWS console. Until we have a pattern for managing variable by environments, would like to avoid adding more conditional logic based on environment within the services.
|
@mianava Sounds good - I'll close this PR without merging and we'll adjust our compute types manually through the console as required. |
4 participants
🎫 Ticket
https://jira.cms.gov/browse/DPC-5270
🛠 Changes
This PR consists of an update to the
dpc-appCodeBuild compute type fromBUILD_GENERAL1_SMALLtoBUILD_GENERAL1_MEDIUM.ℹ️ Context
This change was required to allow DPC Java apps to build successfully on the CodeBuild runner instances. The initial resource type consisting of 2 vCPUs and 4 GB of memory was under-provisioned for the requirements of the DPC Java build. The new configuration of 4 vCPUs and 8 GB of memory has proven to be sufficient in testing.
Open questions:
While testing this change with TF plans, I noticed that the TF doesn't seem to care if the state doesn't match the current compute type.
Dpc-appincdap-testhad been manually updated to 4CPUs/8GB, but the plan (before this PR was created) showed the state being 2CPUs/4GB, and was not planning to update the project to match the state. And then on prod there were no changes planned with the change here included, so it would seem that the TFaws_codebuild_projectresource doesn't care about thecompute_typeparameter after the initial resource creation.Are we even allowed to increase the compute type without approval from a cost perspective?
This fix is a little hacky, and assumes that the requirement for a different compute type will be limited to
dpc-app. Should there be a more robust fix that will scale to various requirements for different repos?🧪 Validation
The compute type configuration update was made manually in the
cdap-testenvironment where it was verified as being sufficient.Additionally, TF plans were generated before and after making this change; in each case the plan result was
No changes. Your infrastructure matches the configuration.This would indicate that the TFaws_codebuild_projectdoes not accurately track the value ofcompute_typeon updates.