Merge pull request #183 from GSA/develop

Update brokerpaks and rationalize environments

Author: rshewitt

.docker/zscaler_cert.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIJANu+mC2Jt3uTMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
+FTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMMWnNjYWxlciBJbmMuMRgw
+FgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRA
+enNjYWxlci5jb20wHhcNMTQxMjE5MDAyNzU1WhcNNDIwNTA2MDAyNzU1WjCBoTEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBK
+b3NlMRUwEwYDVQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5j
+LjEYMBYGA1UEAxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBw
+b3J0QHpzY2FsZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+qT7STSxZRTgEFFf6doHajSc1vk5jmzmM6BWuOo044EsaTc9eVEV/HjH/1DWzZtcr
+fTj+ni205apMTlKBW3UYR+lyLHQ9FoZiDXYXK8poKSV5+Tm0Vls/5Kb8mkhVVqv7
+LgYEmvEY7HPY+i1nEGZCa46ZXCOohJ0mBEtB9JVlpDIO+nN0hUMAYYdZ1KZWCMNf
+5J/aTZiShsorN2A38iSOhdd+mcRM4iNL3gsLu99XhKnRqKoHeH83lVdfu1XBeoQz
+z5V6gA3kbRvhDwoIlTBeMa5l4yRdJAfdpkbFzqiwSgNdhbxTHnYYorDzKfr2rEFM
+dsMU0DHdeAZf711+1CunuQIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFLm33UrNww4M
+hp1d3+wcBGnFTpjfMIHWBgNVHSMEgc4wgcuAFLm33UrNww4Mhp1d3+wcBGnFTpjf
+oYGnpIGkMIGhMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
+A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMM
+WnNjYWxlciBJbmMuMRgwFgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG
+9w0BCQEWE3N1cHBvcnRAenNjYWxlci5jb22CCQDbvpgtibd7kzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw0NdJh8w3NsJu4KHuVZUrmZgIohnTm0j+
+RTmYQ9IKA/pvxAcA6K1i/LO+Bt+tCX+C0yxqB8qzuo+4vAzoY5JEBhyhBhf1uK+P
+/WVWFZN/+hTgpSbZgzUEnWQG2gOVd24msex+0Sr7hyr9vn6OueH+jj+vCMiAm5+u
+kd7lLvJsBu3AO3jGWVLyPkS3i6Gf+rwAp1OsRrv3WnbkYcFf9xjuaf4z0hRCrLN2
+xFNjavxrHmsH8jPHVvgc1VD0Opja0l/BRVauTrUaoW6tE+wFG5rEcPGS80jjHK4S
+pB5iDj2mUZH1T8lzYtuZy0ZPirxmtsk3135+CKNa2OCAhhFjE0xd
+-----END CERTIFICATE-----

.github/workflows/apply.yml

@@ -15,58 +15,9 @@ env:
   ENCRYPT: "true"
 
 jobs:
+  apply:
 
-  apply-staging:
-    name: apply (staging)
-    runs-on: ubuntu-latest
-    environment: staging
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      TF_VAR_cf_username: ${{ secrets.TF_VAR_cf_username }}
-      TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
-      TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
-      TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
-
-    steps:
-      - name: checkout
-        uses: actions/checkout@v3
-      - name: prep applications
-        run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
-          ./app-setup-smtp.sh
-      - name: terraform apply (staging)
-        uses: dflook/terraform-apply@v1
-        with:
-          path: .
-          label: staging
-          workspace: staging
-          var_file: terraform.staging.tfvars
-          backend_config: >
-            bucket=${{ env.BUCKET }},
-            key=${{ env.KEY }},
-            region=${{ env.REGION }},
-            encrypt=${{ env.ENCRYPT }},
-            access_key=${{ env.AWS_ACCESS_KEY_ID }},
-            secret_key=${{ env.AWS_SECRET_ACCESS_KEY }}
-      # - name: Setup tmate session
-      #   if: ${{ failure() }}
-      #   uses: mxschmitt/action-tmate@v3
-      #   with:
-      #     limit-access-to-actor: true
-      - name: test staging environment
-        run: echo staging tests ok  # TODO staging smoke tests
-
-  apply-production:
-    needs: apply-staging
-
-    name: apply (production)
+    name: apply
     runs-on: ubuntu-latest
     environment: production
     env:
@@ -75,23 +26,16 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
-      - name: terraform apply (production)
-        uses: dflook/terraform-apply@v1
+      - name: OpenTofu apply (production)
+        uses: dflook/tofu-apply@v1
         with:
           path: .
           label: production

.github/workflows/commit.yml

@@ -10,7 +10,7 @@ env:
   REGION: "${{ secrets.REGION }}"
   KEY: "ssb-tfstate"
   ENCRYPT: "true"
-  
+
 jobs:
   test:
     name: test format and validity
@@ -19,13 +19,13 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
 
-      - name: terraform fmt
-        uses: dflook/terraform-fmt-check@v1
+      - name: OpenTofu fmt
+        uses: dflook/tofu-fmt-check@v1
         with:
           path: .
 
-      - name: terraform validate
-        uses: dflook/terraform-validate@v1
+      - name: OpenTofu validate
+        uses: dflook/tofu-validate@v1
         with:
           path: .
 
@@ -40,24 +40,17 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
 
-      - name: terraform apply (development)
-        uses: dflook/terraform-apply@v1
+      - name: OpenTofu apply (development)
+        uses: dflook/tofu-apply@v1
         with:
           path: .
           label: development

.github/workflows/disable-egress.yml

@@ -9,7 +9,6 @@ on:   # yamllint disable-line rule:truthy
         required: true
         type: choice
         options:
-          - "ssb-eks"
           - "ssb-smtp"
           - "ssb-solrcloud"
       appSpace:

.github/workflows/enable-egress.yml

@@ -9,7 +9,6 @@ on:   # yamllint disable-line rule:truthy
         required: true
         type: choice
         options:
-          - "ssb-eks"
           - "ssb-smtp"
           - "ssb-solrcloud"
       appSpace:

.github/workflows/plan.yml

@@ -14,47 +14,9 @@ env:
 
 jobs:
 
-  plan-staging:
-    name: plan (staging)
-    runs-on: ubuntu-latest
-    environment: staging
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      TF_VAR_cf_username: ${{ secrets.TF_VAR_cf_username }}
-      TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
-      TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
-      TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
-    steps:
-      - name: checkout
-        uses: actions/checkout@v3
-      - name: prep applications
-        run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
-          ./app-setup-smtp.sh
-      - name: terraform plan (staging)
-        uses: dflook/terraform-plan@v1
-        with:
-          path: .
-          label: staging
-          workspace: staging
-          var_file: terraform.staging.tfvars
-          backend_config: >
-            bucket=${{ env.BUCKET }},
-            key=${{ env.KEY }},
-            region=${{ env.REGION }},
-            encrypt=${{ env.ENCRYPT }},
-            access_key=${{ env.AWS_ACCESS_KEY_ID }},
-            secret_key=${{ env.AWS_SECRET_ACCESS_KEY }}
-  plan-production:
-    name: plan (production)
+  plan:
+    name: plan
     runs-on: ubuntu-latest
     environment: production
     env:
@@ -63,23 +25,16 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
-      - name: terraform plan (production)
-        uses: dflook/terraform-plan@v1
+      - name: OpenTofu plan (production)
+        uses: dflook/tofu-plan@v1
         with:
           path: .
           label: production