Hi @zxiiro, I apologize for bothering you again. The failed job named Could you help me create S3/DynamoDB? section should be a good reference. Thank you very much for your help!
I think it's failing because the bucket So in AWS, S3 buckets are globally unique. If your team created a bucket with the same name in your own account when testing, then we cannot create this bucket name because you've already used it. You'll need to delete your bucket in your test account to release the name for us to deploy, or we will need to update the Terraform config in this PR to use a different bucket name.
Thanks for pointing this out. I was previously unaware that AWS S3 buckets are unique across different accounts, which is a bit unbelievable to me :D.
I prefer to keep the name
Hi @ZainRizvi @zxiiro, sorry to bother you again. I’ve introduced a few additional changes in my latest commits. Below is a brief summary of the rationale behind them. Please let me know if you have any feedback.
Change 1: Sync with Upstream VPC Module
Change 2: Simplify Lambda Permissions
Change 3: Flatten Directory Structure
Alright, S3 and DynamoDB have been created. The Terraform Plan jobs appear to be working now. I'll take a look at your newer changes later today.
Thanks a lot, and the CI has passed :D Please let me know if you have any questions. We have carefully tested in my personal AWS with the environment suffix "canary" 😀
zxiiro left a comment
Approved. I have 2 suggestions if you want to handle them in this PR; otherwise I will merge this tomorrow during my daytime.
**Summary**:
- Add Terraform infrastructure for CRCR (Cross-Repository CI Relay), a GitHub webhook relay service for PyTorch out-of-tree backends that receives upstream webhook events via a GitHub App and forwards `repository_dispatch` events to registered downstream repositories
- Infrastructure includes: Lambda function (webhook handler), ElastiCache Redis (allowlist caching), dedicated VPC, IAM roles, and Lambda Function URL
- Add two GitHub Actions workflows: `crcr-on-pr.yml` and `crcr-deploy-prod.yml`

**Architecture**: GitHub App → Lambda webhook (Function URL) → `repository_dispatch` → downstream repos
- Lambda function (`cross_repo_ci_webhook`) with Python 3.10 runtime
- ElastiCache Redis replication group (`cache.t3.small`) for allowlist caching
- VPC with private subnets for Lambda ↔ Redis connectivity
- IAM role with Secrets Manager, VPC networking, and CloudWatch Logs permissions
- S3 backend for Terraform state

**Test**: Multiple deployments and verifications have been completed on personal AWS environment.

Co-authored-by: can-gaa-hou <jiahaochen535@gmail.com>
- Fix some bugs about ElastiCache
- Update README.md to correspond to the CRCR code.
- Creating the secret manager via Terraform rather than creating it manually
- Moving REDIS_LOGIN from environment to secret manager
- Optimize all Terraform labels and names to be clearer and more understandable
Related Comments:
- #415 (comment)
- #415 (comment)
- #415 (comment)
- #415 (comment)
As the title stated.
- Replaced jeanschmidt/terraform-aws-vpc with the upstream terraform-aws-modules/terraform-aws-vpc (v6.6.1, the latest release).
- Since the AWS provider was bumped to >= 6.28 (required by the new VPC module), invoked_via_function_url is now natively supported. Replaced the aws_cloudformation_stack workaround with native aws_lambda_permission resources.
- Flattened the directory structure from aws/<account>/<region>/ to aws/ for two reasons: first, CRCR's canary environment is deployed under personal AWS account, and the previous structure required code changes just to switch accounts; second, CRCR doesn't need cross-region deployment, so the nested structure added unnecessary complexity.
As the title stated.
Note
Due to the restrictions on secret injection in the fork Repo scenario on GitHub, a new PR needs to be created to replace the old one (#415). Please refer to the old PR for a detailed discussion.
Summary
Please refer to this comment for the overall implementation.
`repository_dispatch` events to registered downstream repositories
`crcr-on-pr.yml` and `crcr-deploy-prod.yml`
Notes:
This PR needs to wait for this to be merged first, for the purpose of updating the tag field in Terrafile.
Architecture
GitHub App → Lambda webhook (Function URL) → `repository_dispatch` → downstream repos
AWS Resources (us-east-1, account 391835788720):
`cross_repo_ci_webhook`) with Python 3.10 runtime
Test
Multiple deployments and verifications have been completed on personal AWS environment.