Refactor deployment workflow and ECR repository configuration

- Updated the deployment workflow to use a new naming convention for the Docker image tag and repository.
- Removed the conditional check for existing images in ECR, ensuring a build and push occurs every time.
- Introduced a new ECR repository resource for the record processor, enhancing image management.
- Adjusted IAM policies and ECS task definitions to reference the new repository configuration.

Author: Thomas-Boyle

.github/workflows/deploy-backend.yml

@@ -127,16 +127,12 @@ jobs:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
         working-directory: lambdas
         run: |
-          IMAGE_TAG="${GITHUB_SHA}"
-          REPOSITORY_NAME="imms-${SUB_ENVIRONMENT}-processing-repo"
+          IMAGE_TAG="${SUB_ENVIRONMENT}-${GITHUB_SHA}"
+          REPOSITORY_NAME="imms-recordprocessor-repo"
           IMAGE_URI="${ECR_REGISTRY}/${REPOSITORY_NAME}:${IMAGE_TAG}"
 
-          if aws ecr describe-images --repository-name "${REPOSITORY_NAME}" --image-ids imageTag="${IMAGE_TAG}" --region "${AWS_REGION}" >/dev/null 2>&1; then
-            echo "Image ${IMAGE_TAG} already exists in ECR, skipping build and push"
-          else
-            docker build -f recordprocessor/Dockerfile -t "${IMAGE_URI}" .
-            docker push "${IMAGE_URI}"
-          fi
+          docker build -f recordprocessor/Dockerfile -t "${IMAGE_URI}" .
+          docker push "${IMAGE_URI}"
 
   terraform-apply:
     permissions:

infrastructure/account/recordprocessor_ecr_repo.tf

@@ -0,0 +1,9 @@
+resource "aws_ecr_repository" "processing_repository" {
+  image_scanning_configuration {
+    scan_on_push = true
+  }
+  image_tag_mutability = "IMMUTABLE"
+  name                 = "${local.short_prefix}-recordprocessor-repo"
+}
+
+#TODO add lifecycle policy to manage images

infrastructure/instance/ecs_batch_processor_config.tf

@@ -1,4 +1,3 @@
-# Define the ECS Cluster
 resource "aws_ecs_cluster" "ecs_cluster" {
   name = "${local.short_prefix}-ecs-cluster"
 
@@ -11,33 +10,8 @@ resource "aws_ecs_cluster" "ecs_cluster" {
   }
 }
 
-resource "aws_ecr_repository" "processing_repository" {
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-  image_tag_mutability = "IMMUTABLE"
-  name                 = "${local.short_prefix}-processing-repo"
-  force_delete         = local.is_temp
-}
-
-resource "aws_ecr_lifecycle_policy" "processing_repository_policy" {
-  repository = aws_ecr_repository.processing_repository.name
-  policy = jsonencode({
-    "rules" : [
-      {
-        "rulePriority" : 1,
-        "description" : "Keep only the last 2 images",
-        "selection" : {
-          "tagStatus" : "any",
-          "countType" : "imageCountMoreThan",
-          "countNumber" : 2
-        },
-        "action" : {
-          "type" : "expire"
-        }
-      }
-    ]
-  })
+data "aws_ecr_repository" "recordprocessor_repository" {
+  name = "${local.short_prefix}-recordprocessor-repo"
 }
 
 # Define the IAM Role for ECS Task Execution
@@ -131,7 +105,7 @@ resource "aws_iam_policy" "ecs_task_exec_policy" {
         Action = [
           "ecr:GetAuthorizationToken"
         ],
-        Resource = "arn:aws:ecr:${var.aws_region}:${var.immunisation_account_id}:repository/${local.short_prefix}-processing-repo"
+        Resource = "arn:aws:ecr:${var.aws_region}:${var.immunisation_account_id}:repository/${data.aws_ecr_repository_recordprocessor_repository.name}"
       },
       {
         "Effect" : "Allow",
@@ -171,7 +145,7 @@ resource "aws_ecs_task_definition" "ecs_task" {
 
   container_definitions = jsonencode([{
     name      = "${local.short_prefix}-process-records-container"
-    image     = "${aws_ecr_repository.processing_repository.repository_url}:${var.recordprocessor_image_tag}"
+    image     = "${data.aws_ecr_repository.recordprocessor_repository.repository_url}:${var.recordprocessor_image_tag}"
     essential = true
     environment = [
       {