Update CI and remove AWS config.

This does the following:
- Consolidates the app_setup and test jobs into one. The test job was
  only one additional step, so it's not worth separating.
- Updates the Postgres image used to reflect what we're using for the
  deployed version of the site (i.e., v 10).
- Removes some unnecessary steps from the first job.
- Removes all AWS config so that CD will only push to the Azure
  container registry, run migrations against the Azure-hosted database,
  and rotate the container images in the Azure k8s cluster.

.circleci/config.yml

@@ -1,8 +1,6 @@
 version: 2.1
 
 orbs:
-    aws-ecr: circleci/aws-ecr@6.3.0
-    aws-eks: circleci/aws-eks@0.1.0
     azure-acr: circleci/azure-acr@0.1.2
     azure-aks: circleci/azure-aks@0.2.0
     kubernetes: circleci/kubernetes@0.3.0
@@ -11,11 +9,10 @@ defaults:
   appEnvironment: &appEnvironment
     KEEP_EXISTING_VENV: true
     PGHOST: localhost
-    PGUSER: root
+    PGUSER: postgres
     PGDATABASE: circle_test
     REDIS_URI: redis://localhost:6379
     PIP_VERSION: 18.*
-    CRL_STORAGE_PROVIDER: CLOUDFILES
 
 commands:
   migration_setup:
@@ -39,21 +36,21 @@ commands:
           name: Apply Migrations and Seed Roles
 
 jobs:
-  app_setup:
+  test:
     docker:
       - image: circleci/python:3.7.3-stretch-node
         environment: *appEnvironment
-      - image: circleci/postgres:9.6.5-alpine-ram
+      - image: circleci/postgres:10-alpine-ram
       - image: circleci/redis:4-alpine3.8
     steps:
       - checkout
       - run: sudo apt-get update
-      - run: sudo apt-get install postgresql-client-9.6
+      - run: sudo apt-get install postgresql-client
       - attach_workspace:
           at: .
       - run: ./script/setup
       - save_cache:
-          name: "Save Cache: Pipenv Refrences"
+          name: "Save Cache: Pipenv References"
           paths:
             - ~/.local/share
           key: pipenv-v1-{{ .Branch }}-{{ checksum "Pipfile.lock" }}
@@ -73,90 +70,38 @@ jobs:
             - ./node_modules
           key: node-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
       - run:
-          name: "Update CRLs"
+          name: "Run Tests"
-          command: ./script/sync-crls
+          command: ./script/cibuild
-      - run:
-          name: "Generate build info"
-          command: ./script/generate_build_info.sh
       - persist_to_workspace:
           root: .
           paths:
             - .
 
-  test:
+  integration-tests:
     docker:
-      - image: circleci/python:3.7.3-stretch-node
+      - image: docker:18.06.0-ce-git
-        environment: *appEnvironment
+      - image: circleci/postgres:10-alpine-ram
-      - image: circleci/postgres:9.6.5-alpine-ram
       - image: circleci/redis:4-alpine3.8
     steps:
       - attach_workspace:
           at: .
-      - run: sudo apt-get update
-      - run: sudo apt-get install postgresql-client-9.6
-      - run:
-          name: "Run Tests"
-          command: ./script/cibuild
-
-  aws-migration:
-    executor: aws-eks/python3
-    steps:
-      - migration_setup:
-          container_image: "$AWS_ECR_ACCOUNT_URL/atat:atat-$CIRCLE_SHA1"
-      - aws-eks/update-kubeconfig-with-authenticator:
-          cluster-name: atat
-          aws-region: "${AWS_REGION}"
-      - migration_apply
-
-  azure-migration:
-    executor: azure-aks/default
-    steps:
-      - migration_setup:
-          container_image: "$AZURE_SERVER_NAME/atat:atat-$CIRCLE_SHA1"
-      - azure-aks/update-kubeconfig-with-credentials:
-          cluster-name: atat-cluster
-          install-kubectl: true
-          perform-login: true
-          resource-group: atat
-      - migration_apply
-
-  # the azure-acr orb doesn't allow for multiple tags in the
-  # build-and-push-image step, so instead we wrap our own job around it and run
-  # some additional Docker commands
-  azure-build-and-push-image:
-    executor: azure-acr/default
-    steps:
-      - azure-acr/build-and-push-image:
-          extra-build-args: "--build-arg CSP=azure"
-          login-server-name: "${AZURE_SERVER_NAME}"
-          registry-name: pwatat
-          repo: atat
-          tag: "atat-${CIRCLE_SHA1}"
-      - run: "docker tag ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1}  ${AZURE_SERVER_NAME}/atat:latest"
-      - run: "docker push ${AZURE_SERVER_NAME}/atat:latest"
-
-  integration-tests:
-    docker:
-    - image: docker:17.05.0-ce-git
-    steps:
       - setup_remote_docker:
           version: 18.06.0-ce
-    - checkout
+      - run:
+          name: Remove existing font symlink
+          command: rm static/fonts
       - run:
           name: Set up temporary docker network
           command: docker network create atat
       - run:
           name: Build image
           command: docker build . -t atat:latest
-    - run:
-        name: Get storage containers
-        command: docker pull postgres:latest && docker pull redis:latest
       - run:
           name: Start redis
-        command: docker run -d --network atat --link redis:redis -p 6379:6379 --name redis redis:latest
+          command: docker run -d --network atat --link redis:redis -p 6379:6379 --name redis circleci/redis:4-alpine3.8
       - run:
           name: Start postgres
-        command: docker run -d --network atat --link postgres:postgres -p 5432:5432 --name postgres postgres:latest
+          command: docker run -d --network atat --link postgres:postgres -p 5432:5432 --name postgres circleci/postgres:10-alpine-ram
       - run:
           name: Start application container
           command: |
@@ -199,14 +144,38 @@ jobs:
               --network atat \
               ghostinspector/test-runner-standalone:latest
 
+  azure-migration:
+    executor: azure-aks/default
+    steps:
+      - migration_setup:
+          container_image: "$AZURE_SERVER_NAME/atat:atat-$CIRCLE_SHA1"
+      - azure-aks/update-kubeconfig-with-credentials:
+          cluster-name: atat-cluster
+          install-kubectl: true
+          perform-login: true
+          resource-group: atat
+      - migration_apply
+
+  # the azure-acr orb doesn't allow for multiple tags in the
+  # build-and-push-image step, so instead we wrap our own job around it and run
+  # some additional Docker commands
+  azure-build-and-push-image:
+    executor: azure-acr/default
+    steps:
+      - azure-acr/build-and-push-image:
+          extra-build-args: "--build-arg CSP=azure"
+          login-server-name: "${AZURE_SERVER_NAME}"
+          registry-name: pwatat
+          repo: atat
+          tag: "atat-${CIRCLE_SHA1}"
+      - run: "docker tag ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1}  ${AZURE_SERVER_NAME}/atat:latest"
+      - run: "docker push ${AZURE_SERVER_NAME}/atat:latest"
+
 workflows:
   version: 2
   run-tests:
     jobs:
-      - app_setup
+      - test
-      - test:
-          requires:
-            - app_setup
       - integration-tests:
           requires:
             - test
@@ -266,62 +235,3 @@ workflows:
             branches:
               only:
                 - master
-      - aws-ecr/build-and-push-image:
-          extra-build-args: "--build-arg CSP=aws"
-          repo: atat
-          tag: "atat-${CIRCLE_SHA1},latest"
-          requires:
-            - integration-tests
-          filters:
-            branches:
-              only:
-                - master
-      - aws-migration:
-          requires:
-            - aws-ecr/build-and-push-image
-          filters:
-            branches:
-              only:
-                - master
-      - aws-eks/update-container-image:
-          cluster-name: atat
-          container-image-updates: "atst=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
-          namespace: atat
-          resource-name: deployment.apps/atst
-          aws-region: "${AWS_REGION}"
-          # uncomment below for debugging
-          # show-kubectl-command: true
-          requires:
-            - aws-migration
-          filters:
-            branches:
-              only:
-                - master
-      - aws-eks/update-container-image:
-          cluster-name: atat
-          container-image-updates: "atst-worker=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
-          namespace: atat
-          resource-name: deployment.apps/atst-worker
-          aws-region: "${AWS_REGION}"
-          # uncomment below for debugging
-          # show-kubectl-command: true
-          requires:
-            - aws-migration
-          filters:
-            branches:
-              only:
-                - master
-      - aws-eks/update-container-image:
-          cluster-name: atat
-          container-image-updates: "atst-beat=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
-          namespace: atat
-          resource-name: deployment.apps/atst-beat
-          aws-region: "${AWS_REGION}"
-          # uncomment below for debugging
-          # show-kubectl-command: true
-          requires:
-            - aws-migration
-          filters:
-            branches:
-              only:
-                - master