The CircleCI Orbs were useful for getting started, but now that we only
have to deploy to one provider our pipeline should be tailored to
efficiently push to just that environment. This inlines all the relevant
pieces from the Orbs we were relying on as bash/sh commands instead.
This builds the Docker images upfront. Since we have a multi-stage
Dockerfile, it builds the first stage as a separate image and then
proceeds to build the complete image. This is done so that the first
stage (called "builder") can be used for testing. It retains executables
like pipenv that we need to install development dependencies needed for
tests.
Other notes:
- CircleCI does not persist Docker images between jobs. As a
work-around, we use the CircleCI caching mechanism to create a named
cache with *.tar copies of the images. Subsequent jobs use the cache
and load the images.
- Both the test and integration-tests jobs need to make minor
modifications to the container to run correctly. The test job needs to
install the development Python dependencies, and the integration-tests
job needs to rebuild the JS bundle so that it uses the mock uploader
(the container is build to use the Azure uploader by default).
- The test and integration-tests jobs run in parallel.
- This adjusts the Dockerfile so that the TZ environment variable is set
for both stages of the build.
This does the following:
- Consolidates the app_setup and test jobs into one. The test job was
only one additional step, so it's not worth separating.
- Updates the Postgres image used to reflect what we're using for the
deployed version of the site (i.e., v 10).
- Removes some unnecessary steps from the first job.
- Removes all AWS config so that CD will only push to the Azure
container registry, run migrations against the Azure-hosted database,
and rotate the container images in the Azure k8s cluster.
A bug was caused by using the MemberManagementTemplate macro and not supplying all of the necessary
kwargs. Intially, this bug was fixed by supplying the kwargs used by the
macro at the time, but in this refactor, we simply remove those kwargs
and refer to the permissions directly in the template by importing the
macro with context.
