fix: downscale ECS, staging env (#183)

* fix: downscale ECS, staging env

* fix: use ubuntu-latest runner

* fix: auto-format

* fix: lint

* chore: add comment

* fix: fmt

.github/workflows/dispatch_deploy.yaml

@@ -47,8 +47,7 @@ jobs:
   select_version:
     name: Select Version
     if: ${{ always() && !cancelled() && !failure() }}
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

.github/workflows/dispatch_publish.yaml

@@ -32,8 +32,7 @@ jobs:
 
   update_version:
     name: Update Version
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     needs: [ci]
     steps:
       - name: Checkout
@@ -53,8 +52,7 @@ jobs:
 
   released_version:
     name: Version ➠ ${{ needs.update_version.outputs.version }}
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     needs: [ update_version ]
     steps:
       - run: echo "Version = ${{ needs.update_version.outputs.version }}"

.github/workflows/event_intake.yml

@@ -24,8 +24,7 @@ jobs:
   auto-promote:
     name: auto-promote
     if: github.event.action == 'opened'
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Check Core Team membership
         uses: tspascoal/get-user-teams-membership@v1

.github/workflows/event_pr.yaml

@@ -26,8 +26,7 @@ permissions:
 jobs:
   check_pr:
     name: Check PR
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     permissions:
       statuses: write
     steps:
@@ -38,8 +37,7 @@ jobs:
 
   paths_filter:
     name: Paths Filter
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: dorny/paths-filter@v2
@@ -65,8 +63,7 @@ jobs:
 
   merge_check:
     name: Merge Check
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     if: ${{ always() && !cancelled() && !failure() }}
     needs: [check_pr, ci]
     steps:

.github/workflows/event_release.yaml

@@ -33,8 +33,7 @@ jobs:
 
   paths_filter:
     name: Paths Filter
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: dorny/paths-filter@v2
@@ -51,8 +50,7 @@ jobs:
 
   update_version:
     name: Update Version
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     if: ${{ needs.paths_filter.outputs.app == 'true' }}
     needs: [paths_filter]
     steps:
@@ -73,8 +71,7 @@ jobs:
 
   released_version:
     name: Release Version ➠ ${{ needs.update_version.outputs.version }}
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubutnu-latest
     needs: [ update_version ]
     steps:
       - run: echo "Version = ${{ needs.update_version.outputs.version }}"
@@ -97,8 +94,7 @@ jobs:
 
   get_version:
     name: Get Version
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     needs: [ paths_filter, update_version, publish_image-staging, publish_image-prod ]
     if: ${{ always() && !cancelled() && !failure() }}
     steps:
@@ -126,8 +122,7 @@ jobs:
   used_version:
     name: Version ➠ ${{ needs.get_version.outputs.version }}
     if: ${{ always() && !cancelled() && !failure() }}
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     needs: [ get_version ]
     steps:
       - run: echo "Version = ${{ needs.get_version.outputs.version }}"

.github/workflows/sub-app-check.yml

@@ -12,8 +12,7 @@ permissions:
 jobs:
   clippy:
     name: Clippy
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -42,8 +41,7 @@ jobs:
 
   formatting:
     name: Formatting
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -66,8 +64,7 @@ jobs:
 
   tests:
     name: Tests
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/sub-app-deploy.yml

@@ -27,8 +27,7 @@ permissions:
 jobs:
   deploy-app:
     name: Deploy App `${{ inputs.stage }}`
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.stage }}
       url: ${{ inputs.environment_url }}

.github/workflows/sub-cd.yml

@@ -66,8 +66,7 @@ jobs:
   deployment_window:
     name: Deployment Window
     if: ${{ inputs.deploy-prod }}
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     environment:
       name: prod
       url: https://${{ vars.SUBDOMAIN_NAME }}.walletconnect.com/health

.github/workflows/sub-infra-apply.yml

@@ -25,8 +25,7 @@ permissions:
 jobs:
   apply-infra:
     name: Apply Infra `${{ inputs.stage }}`
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.stage }}
       url: ${{ inputs.stage-url }}

.github/workflows/sub-infra-check.yml

@@ -17,8 +17,7 @@ permissions:
 jobs:
   check-fmt:
     name: Formatting
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -37,8 +36,7 @@ jobs:
 
   validate:
     name: Validate
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -70,8 +68,7 @@ jobs:
 
   tfsec:
     name: TFSec
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -102,8 +99,7 @@ jobs:
 
   tflint:
     name: TFLint
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/sub-infra-plan.yml

@@ -30,8 +30,7 @@ concurrency: ${{ inputs.stage }}
 jobs:
   plan:
     name: Plan `${{ inputs.stage }}`
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.stage }}
       url: ${{ inputs.stage-url }}

.github/workflows/sub-publish-image.yml

@@ -20,8 +20,7 @@ permissions:
 jobs:
   build-container:
     name: Build
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/sub-validate.yml

@@ -17,8 +17,7 @@ on:
 jobs:
   health-check:
     name: Health Check - ${{ inputs.stage }}
-    runs-on:
-      group: ${{ vars.RUN_GROUP }}
+    runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.stage }}
       url: ${{ inputs.stage-url }}

justfile

@@ -137,16 +137,16 @@ commit-check:
     echo '==> cog not found in PATH, skipping'
   fi
 
-tf-lint: tf-validate tf-check-fmt tfsec tflint
+tf-lint: tf-validate tf-fmt tfsec tflint
 
 # Check Terraform formating
-tf-check-fmt:
+tf-fmt:
   #!/bin/bash
   set -euo pipefail
 
   if command -v terraform >/dev/null; then
     echo '==> Checking terraform fmt'
-    terraform -chdir=terraform fmt -check -recursive
+    terraform -chdir=terraform fmt -recursive
   else
     echo '==> Terraform not found in PATH, skipping'
   fi

terraform/ecs/cluster.tf

@@ -1,16 +1,21 @@
 locals {
-  image          = "${var.ecr_repository_url}:${var.image_version}"
-  telemetry_port = var.port + 1
+  image = "${var.ecr_repository_url}:${var.image_version}"
 
+  desired_count = module.this.stage == "prod" ? var.autoscaling_desired_count : 1
+
+  task_cpu    = module.this.stage == "prod" ? var.task_cpu : 256
+  task_memory = module.this.stage == "prod" ? var.task_memory : 512
+
+  otel_port   = var.port + 1
   otel_cpu    = 128
   otel_memory = 128
 }
 
 module "ecs_cpu_mem" {
   source  = "app.terraform.io/wallet-connect/ecs_cpu_mem/aws"
   version = "1.0.0"
-  cpu     = var.task_cpu + local.otel_cpu
-  memory  = var.task_memory + local.otel_memory
+  cpu     = local.task_cpu
+  memory  = local.task_memory
 }
 
 #-------------------------------------------------------------------------------
@@ -68,16 +73,16 @@ resource "aws_ecs_task_definition" "app_task" {
     {
       name      = module.this.name,
       image     = local.image,
-      cpu       = var.task_cpu,
-      memory    = var.task_memory,
+      cpu       = local.task_cpu - local.otel_cpu,
+      memory    = local.task_memory - local.otel_memory,
       essential = true,
 
       environment = [
         { "name" = "DATABASE_URL", "value" = var.keystore_addr },
         { "name" = "LOG_LEVEL", "value" = var.log_level },
         { "name" = "PROJECT_ID", "value" = var.project_id },
 
-        { "name" = "TELEMETRY_PROMETHEUS_PORT", "value" = tostring(local.telemetry_port) },
+        { "name" = "TELEMETRY_PROMETHEUS_PORT", "value" = tostring(local.otel_port) },
 
         { "name" = "GEOIP_DB_BUCKET", "value" = var.geoip_db_bucket_name },
         { "name" = "GEOIP_DB_KEY", "value" = var.geoip_db_key },
@@ -90,6 +95,7 @@ resource "aws_ecs_task_definition" "app_task" {
           containerPort = var.port,
           hostPort      = var.port
         }
+        # TODO do we not need otel_port here like we do in Notify Server?
       ],
 
       logConfiguration : {
@@ -120,7 +126,7 @@ resource "aws_ecs_task_definition" "app_task" {
       ],
 
       environment = [
-        { name : "AWS_PROMETHEUS_SCRAPING_ENDPOINT", value : "0.0.0.0:${local.telemetry_port}" },
+        { name : "AWS_PROMETHEUS_SCRAPING_ENDPOINT", value : "0.0.0.0:${local.otel_port}" },
         { name : "AWS_PROMETHEUS_ENDPOINT", value : "${var.prometheus_endpoint}api/v1/remote_write" },
         { name = "AWS_REGION", value = module.this.region },
       ],
@@ -147,7 +153,7 @@ resource "aws_ecs_service" "app_service" {
   cluster         = aws_ecs_cluster.app_cluster.id
   task_definition = aws_ecs_task_definition.app_task.arn
   launch_type     = "FARGATE"
-  desired_count   = var.min_capacity
+  desired_count   = local.desired_count
   propagate_tags  = "TASK_DEFINITION"
 
   # Wait for the service deployment to succeed

terraform/ecs/cluster_autoscaling.tf

@@ -1,3 +1,7 @@
+locals {
+  autoscaling_min_capacity = module.this.stage == "prod" ? var.autoscaling_min_capacity : 1
+}
+
 resource "aws_iam_role" "ecs_autoscaling_role" {
   name = "${module.this.name}-ecs-scale-application"
 
@@ -17,8 +21,8 @@ resource "aws_iam_role" "ecs_autoscaling_role" {
 }
 
 resource "aws_appautoscaling_target" "ecs_target" {
-  min_capacity       = var.min_capacity
-  max_capacity       = var.max_capacity
+  min_capacity       = local.autoscaling_min_capacity
+  max_capacity       = var.autoscaling_max_capacity
   resource_id        = "service/${aws_ecs_cluster.app_cluster.name}/${aws_ecs_service.app_service.name}"
   scalable_dimension = "ecs:service:DesiredCount"
   service_namespace  = "ecs"

terraform/ecs/variables.tf

@@ -21,13 +21,19 @@ variable "task_memory" {
   type        = number
 }
 
-variable "min_capacity" {
+variable "autoscaling_desired_count" {
   description = "Minimum number of instances in the autoscaling group"
   type        = number
   default     = 2
 }
 
-variable "max_capacity" {
+variable "autoscaling_min_capacity" {
+  description = "Minimum number of instances in the autoscaling group"
+  type        = number
+  default     = 2
+}
+
+variable "autoscaling_max_capacity" {
   description = "Maximum number of instances in the autoscaling group"
   type        = number
   default     = 8