AWS Moqui Setup

Here’s a document I’d like to share on how I setup Moqui. I’m referencing it for the 3rd time and figure it might as well share it.

Note: There is a problem where open search doesn’t save data. I’m open to ideas on how to fix this.

If starting from scratch:

For setting up a docker image to push to Amazon Web Service’s Elastic Container Repository:

  • create a fork of moqui-framework for your organization in a git repository that is cloneable
  • Add a myaddons.xml file containing something like:
<addons default-repository="github-ssh">
    <!-- ${My Orginzation Name} Client Components -->
    <component name="${My Orginzation Name}" group="${My Orginzation Name}" version="" branch="${My Orginzation Name}"/>

    <!-- Component Sets -->
    <component-set name="${My Orginzation Name}" components="PopCommerce,HiveMind,MarbleERP,${My Orginzation Name}"/>

    <!-- Release builds:
        gradle getComponentSet -PcomponentSet=custom -PlocationType=release
        - these make the source distro for each
        - to build the demo war: gradle load test addRuntime
    -->
</addons>

There are some examples for real life use cases here:

Add a aws.yml file to .github/workflows containing something like:

# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when there is a push to the "dev" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
#    Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
#    Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
#    For example, follow the Getting Started guide on the ECS console:
#      https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
#    Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
#    Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
#    The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
#    Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
#    Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
#    in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
#    and best practices on handling the access key credentials.

name: Deploy to Amazon ECS

on:
  push:
    branches:
      - "${My Orginzation Name}"

env:
  AWS_REGION: ${{ secrets.MY_AWS_REGION }}                   # set this to your preferred AWS region, e.g. us-west-1
  ECR_REPOSITORY: ${{ secrets.MY_ECR_REPOSITORY }}           # set this to your Amazon ECR repository name
  ECS_SERVICE: ${{ secrets.MY_ECS_SERVICE }}                 # set this to your Amazon ECS service name
  ECS_CLUSTER: ${{ secrets.MY_ECS_CLUSTER }}                 # set this to your Amazon ECS cluster name
  ECS_TASK_DEFINITION: ${{ secrets.MY_ECS_TASK_DEFINITION }} # set this to the path to your Amazon ECS task definition
  # file, e.g. .aws/task-definition.json
  ECS_TASK_DEFINITION_NAME: ${{ secrets.MY_ECS_TASK_DEFINITION_NAME }} # set this to the name to your Amazon ECS task definition
  CONTAINER_NAME: ${{ secrets.MY_CONTAINER_NAME }}           # set this to the name of the container in the
  # containerDefinitions section of your task definition

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        id: config-aws-credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Build a docker container and
          # push it to ECR so that it can
          # be deployed to ECS.
          sed -i 's/github-ssh/github/g' myaddons.xml
          ./gradlew getRuntime downloadOpenSearch getComponentSet -PcomponentSet=${My Orginzation Name}
          sleep 1
          ./gradlew addRuntime
          cd docker/simple
          ./docker-build.sh ../.. $ECR_REGISTRY/$ECR_REPOSITORY:latest
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:latest"

      - name: Get Task Definition
        id: get-task-def
        run: |
          aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION_NAME }} --output json > ${{ env.ECS_TASK_DEFINITION }}
          sed '2d;$d' ${{ env.ECS_TASK_DEFINITION }} | sed '$d' | sed '$d' > ${{ env.ECS_TASK_DEFINITION }}.tmp && echo "}" >> ${{ env.ECS_TASK_DEFINITION }}.tmp && mv ${{ env.ECS_TASK_DEFINITION }}.tmp ${{ env.ECS_TASK_DEFINITION }}

      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: ${{ env.ECS_TASK_DEFINITION }}
          container-name: ${{ env.CONTAINER_NAME }}
          image: ${{ steps.build-image.outputs.image }}

      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true # setting this to true uses a lot of resources

There are some examples for real life use cases here:

For the aws github action to work, there needs to be 7 secrets:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • MY_AWS_REGION (i.e. us-west-1)
  • MY_ECR_REPOSITORY (i.e. ${My Orginzation Name})
  • MY_ECS_SERVICE
  • MY_ECS_CLUSTER
  • MY_ECS_TASK_DEFINITION
  • MY_ECS_TASK_DEFINITION_NAME
  • MY_CONTAINER_NAME (i.e. moqui)

To create those secrets:

  • In Elastic Container Services (ECS), create a cluster and wait for it to setup, create a new task definition with the container arn setup

create a service for the cluster

  • In Identity Access Management (IAM), create a policy with the following in Elastic Container Service: DescribeTaskDefinition, RegisterTaskDefinition, and UpdateService
  • In IAM, create a user for github actions with the permissions: AWSCodeDeployRoleForECSLimited, EC2InstanceProfileForImageBuilderECRContainerBuilds

Note: This isn’t quite finished, but is a good start.

2 Likes