Pull over pfml-starter-kit-app tweaks for Rails, namely a non-read-on…

…ly filesystem in the container
navapbc · Jan 16, 2025 · 2b02720 · 2b02720
1 parent 510ea04
commit 2b02720
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/infra/app-rails/service/main.tf b/infra/app-rails/service/main.tf
@@ -199,6 +199,10 @@ module "service" {
   )
 
   is_temporary = local.is_temporary
+
+  # Template Divergent Variables
+  container_read_only = false
+  healthcheck_type    = "curl"
 }
 
 module "monitoring" {

diff --git a/infra/modules/service/main.tf b/infra/modules/service/main.tf
@@ -77,7 +77,7 @@ resource "aws_ecs_task_definition" "app" {
       cpu                    = var.cpu,
       networkMode            = "awsvpc",
       essential              = true,
-      readonlyRootFilesystem = !var.enable_command_execution,
+      readonlyRootFilesystem = var.container_read_only && !var.enable_command_execution,
 
       # Need to define all parameters in the healthCheck block even if we want
       # to use AWS's defaults, otherwise the terraform plan will show a diff
@@ -87,7 +87,7 @@ resource "aws_ecs_task_definition" "app" {
         retries  = 3,
         timeout  = 5,
         command = ["CMD-SHELL",
-          "wget --no-verbose --tries=1 --spider http://localhost:${var.container_port}/health || exit 1"
+          var.healthcheck_type == "curl" ? "curl --fail http://localhost:${var.container_port}/health || exit 1" : "wget --no-verbose --tries=1 --spider http://localhost:${var.container_port}/health || exit 1"
         ]
       },
       environment = local.environment_variables,

diff --git a/infra/modules/service/variables.tf b/infra/modules/service/variables.tf
@@ -169,3 +169,20 @@ variable "vpc_id" {
   type        = string
   description = "Uniquely identifies the VPC."
 }
+
+# Custom Template-diverging variables
+variable "container_read_only" {
+  type        = bool
+  description = "Whether the container root filesystem should be read-only"
+  default     = true
+}
+
+variable "healthcheck_type" {
+  type        = string
+  description = "Whether to configure a curl or wget healthcheck. curl is more common. use wget for alpine-based images"
+  default     = "wget"
+  validation {
+    condition     = contains(["curl", "wget"], var.healthcheck_type)
+    error_message = "choose either: curl or wget"
+  }
+}