Use mu for deployment with circleci

[ptrhck]

If possible at all, could someone suggest on how to deploy the changes to a repo to AWS fargate using mu on CircleCI? What would a config.yml look like? I have no good idea where to start as mu seems to need a git repo somehow.

[masha256]

I use fargate and circleci to deploy my rails app. I deploy two services, one the web app, the other the background workers. Due to this, I had to have a second mu config (mu_worker.yml in this case) that defined the worker service, and pointed to the imageRepository of the main web app service. Seems to be working well.

Here is my config.yml. Hope it helps.

version: 2.0

jobs:
  checkout_code:
    docker:
      - image: circleci/ruby:2.6.2-node-browsers
    working_directory: ~/circleci-build
    steps:
      - checkout
      - save_cache:
          key: v1-repo-{{ .Environment.CIRCLE_SHA1 }}
          paths:
            - ~/circleci-build

  bundle_dependencies:
    docker:
      - image: circleci/ruby:2.6.2-node-browsers
    working_directory: ~/circleci-build
    environment:
      - RAILS_ENV: test
      - DEBIAN_FRONTEND: noninteractive
    steps:
      - restore_cache:
          key: v1-repo-{{ .Environment.CIRCLE_SHA1 }}
      - restore_cache:
          key: v1-bundle-{{ checksum "Gemfile.lock" }}
      - run: bundle install --path vendor/bundle
      - save_cache:
          key: v1-bundle-{{ checksum "Gemfile.lock" }}
          paths:
            - ~/circleci-build/vendor/bundle

  rake_test:
    docker:
      - image: circleci/ruby:2.6.2-node-browsers
      - image: circleci/mysql:5.7.21
      - image: redis:2.8.6
    working_directory: ~/circleci-build
    environment:
      - RAILS_ENV: test
      - DEBIAN_FRONTEND: noninteractive
    steps:
      - restore_cache:
          key: v1-repo-{{ .Environment.CIRCLE_SHA1 }}
      - restore_cache:
          key: v1-bundle-{{ checksum "Gemfile.lock" }}
      - run: bundle --path vendor/bundle
      # block until dependent services are up and running
      - run:
          name: install dockerize
          command: wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && sudo tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
          environment:
            DOCKERIZE_VERSION: v0.3.0
      - run:
          name: Wait for db
          command: dockerize -wait tcp://localhost:3306 -timeout 1m
      - run:
          name: Wait for redis
          command: dockerize -wait tcp://localhost:6379 -timeout 1m
      - run: echo $RAILS_MASTER_KEY > config/master.key
      - run: bundle exec rake db:create db:schema:load
      - run:
          name: rails tests
          command: |
            mkdir -p test-results/minitest
            bundle exec rake test
      - store_test_results:
          path: test-results
      - store_artifacts:
          path: test-results

  push_app:
    machine: true
    working_directory: ~/circleci-build
    steps:
      - restore_cache:
          key: v1-repo-{{ .Environment.CIRCLE_SHA1 }}
      - run: echo $RAILS_MASTER_KEY > config/master.key
      - run:
          name: install mu
          command: curl -s https://getmu.io/install.sh | sudo sh
      - run: mu -s service push -t $CIRCLE_SHA1

  deploy_production_app:
    machine: true
    working_directory: ~/circleci-build
    steps:
      - restore_cache:
          key: v1-repo-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: install mu
          command: curl -s https://getmu.io/install.sh | sudo sh
      - run: mu -s service deploy production -t $CIRCLE_SHA1

  deploy_production_workers:
    machine: true
    working_directory: ~/circleci-build
    steps:
      - restore_cache:
          key: v1-repo-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: install mu
          command: curl -s https://getmu.io/install.sh | sudo sh
      - run: mu -s -c mu_worker.yml service deploy production -t $CIRCLE_SHA1

workflows:
  version: 2
  build-and-deploy:
    jobs:
      - checkout_code
      - bundle_dependencies:
          requires:
            - checkout_code
      - rake_test:
          requires:
            - bundle_dependencies
      - push_app:
          requires:
            - rake_test
          filters:
            branches:
              only:
                - master
                - staging
      - deploy_production_app:
          requires:
            - push_app
          filters:
            branches:
              only: master
      - deploy_production_workers:
          requires:
            - push_app
          filters:
            branches:
              only: master

[ghost]

@machadolab This sounds great. I'm in a similar situation. Any chance you could share your mu_worker.yml so I can see how I too could point to the imageRepository of my main web app service?

[masha256]

mu.yml:

environments:
  - name: production
    provider: ecs-fargate
    loadbalancer:
      certificate: "xxx"
    vpcTarget:
      vpcId: vpc-xxxx
      instanceSubnetIds:
        - subnet-xxx
        - subnet-xxx
      elbSubnetIds:
        - subnet-xxx
        - subnet-xxx

service:
  name: vinaio-app                   # The unique name of the service (default: the name of the directory that mu.yml was in)
  desiredCount: 1                    # The desired number of tasks to run for the service (default: 2)
  port: 80                           # The port to expose from the container (default: 8080)
  protocol: HTTP                     # The protocol for the port exposed from the container (default: HTTP)
  healthEndpoint: /                  # The endpoint inside the container to determine if the task is healthy (default: /health)
  cpu: 256                           # The number of CPU units to allocate to each task (default: 10)
  memory: 512                        # The amount of memory in MiB to allocate to each task (default: 300)
  networkMode: awsvpc                # The networking mode for the task: none, bridge, host, or awsvpc (default: bridge)
  minSize: 1                         # The minimum number of services for autoscaling (default: 1)
  maxSize: 2                         # The maximum number of services for autoscaling (default: 2)
  deploymentStrategy: blue_green     # The strategy for deploying new images: blue_green, rolling, replace (default: blue_green)

  pathPatterns:
    - /*

  environment:
    RUN_TARGET: web
    RAILS_ENV:
      acceptance: acceptance
      production: production
    SECRETS_BUCKET:
      production: vinaio-secrets-production

mu_worker.yml:

service:
  name: vinaio-worker                # The unique name of the service (default: the name of the directory that mu.yml was in)
  imageRepository: xxx.dkr.ecr.us-west-1.amazonaws.com/mu-vinaio-app:${env:CIRCLE_SHA1}
  desiredCount: 1                    # The desired number of tasks to run for the service (default: 2)
  cpu: 256                           # The number of CPU units to allocate to each task (default: 10)
  memory: 512                        # The amount of memory in MiB to allocate to each task (default: 300)
  networkMode: awsvpc                # The networking mode for the task: none, bridge, host, or awsvpc (default: bridge)
  minSize: 1                         # The minimum number of services for autoscaling (default: 1)
  maxSize: 2                         # The maximum number of services for autoscaling (default: 2)
  deploymentStrategy: blue_green     # The strategy for deploying new images: blue_green, rolling, replace (default: blue_green)

  environment:
    RUN_TARGET: worker
    RAILS_ENV:
      acceptance: acceptance
      production: production
    SECRETS_BUCKET:
      production: vinaio-secrets-production

[ghost]

@machadolab Thanks for sharing the mu yaml. Couple of questions for you if you don't mind:

1. Why did you go for CircleCI instead of doing the CI within CodePipeline itself?
2. When the "mu -s service deploy production -t $CIRCLE_SHA1" commands run, under what IAM Role do they execute? Or have you provided the CircleCI with AWS creds of an IAM user that is fairly open?
   Thanks again!