Web Portal Continuous Deployment integration

[sjoshi-jpl]

💡 Description

We want to automate as much as can be the deployment of the web portal, and document the procedure for the manual steps.

The steps are:

1. Have/validate an up to date documentation in the README
2. Deploy what can be automated in a github action + workflow OIDC
3. Update portal deployment wiki page "Portal WP"
4. Analyze what remains to be automated

⚔️ Parent Epic / Related Tickets

No response

[sjoshi-jpl]

Per discussion with @tloubrieu-jpl @nutjob4life, following are the tasks that need to be completed :

1. Update README.md in portal-drupal to use terraform to deploy application locally (Sean)
2. Create a TF workflow with OIDC that will be execute post docker image build (drupal.yaml) to deploy infra using TF (Sagar)
3. Implement use of S3 backend (Sagar)
4. Update drupal.yaml to use OIDC for authentication (Sagar)
5. Update portal-wp wiki with links to GitHub actions workflow and high-level deployment guidelines (Sean/Sagar)

[nutjob4life]

6. Update the Docker build of the Solr and Drupal compnents to use the new code drop from the Web Strategy Team (Sean)

[nutjob4life]

Updating to let people know where I am now:

• We got a new code drop from the Web Strategy Team and I've updated both our Solr image build and Drupal image builds based off it
  • I tested the new code drop and it still builds on macOS but fails on Linux
    • In fact, it's even worse now: it changes user-owned files on the host filesystem to root, requiring you to either ask a sysadmin for help or use a docker container run busybox command to clean up
  • But I also came up with a workaround to the GitHub Actions build problem and updated our own Dockerfile and the drupal-ci.yaml workflow to use it
• We now use the "develop' branch of WST's code (and switching to that was much harder than it should've been!)
• I simplified secret handling by letting you copy/paste ECR repository URIs so that continuous builds can happen easily
• The current continuous build workflows solr-ci.yaml and drupal-ci.yaml use temporary AWS access keys and still need @sjoshi-jpl's special magic care to use OIDC
  • Those workflows now also trigger a new workflow, deployment.yaml, where the Terraform init and apply should happen (again with OIDC magic)
• Updated the Terraform .tf files to use the new secrets as well, simplifying the image use and updating the variables
• Updated the hand-build instructions to use docker buildx exclusively so that whether you're on Intel or Apple Silicon you can make the images as needed (and confirmed you can publish them to ECR)
• Removed the terraform/README.md and updated the README.md with instructions
  • And made another edit pass through the instructions
• Pushed all this to the develop branch

I'm sure there's things I missed but I'm starting to make errors so I'll take a break and then come back to it.