Skip to content

feat: Terraform setup #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
patrickmoore-nc merged 1 commit into from
Sep 26, 2025
Merged

feat: Terraform setup #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,12 @@ jobs:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_wrapper: false
terraform_version: 1.11.4

- name: Terraform Init
run: make terraform-init
2 changes: 2 additions & 0 deletions infrastructure/environments/poc/variables.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
ENVIRONMENT=poc
AZURE_SUBSCRIPTION="Lung Cancer Screening - Dev"
HUB_SUBSCRIPTION="Lung Cancer Screening - Dev"
STORAGE_ACCOUNT_RG=rg-tfstate-poc-uks
TERRAFORM_MODULES_REF=main
ENABLE_SOFT_DELETE=false
28 changes: 28 additions & 0 deletions infrastructure/terraform/providers.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "4.34.0"
}
azuread = {
source = "hashicorp/azuread"
version = "3.4.0"
}
}
backend "azurerm" {
container_name = "terraform-state"
}
}

provider "azurerm" {
features {}
}

provider "azurerm" {
alias = "hub"
subscription_id = var.hub_subscription_id

features {}
}

provider "azuread" {}
153 changes: 74 additions & 79 deletions scripts/terraform/terraform.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,79 +1,74 @@
# This file is for you! Edit it to implement your own Terraform make targets.

# ==============================================================================
# Custom implementation - implementation of a make target should not exceed 5 lines of effective code.
# In most cases there should be no need to modify the existing make targets.

TF_ENV ?= dev
STACK ?= ${stack}
TERRAFORM_STACK ?= $(or ${STACK}, infrastructure/environments/${TF_ENV})
dir ?= ${TERRAFORM_STACK}

terraform-init: # Initialise Terraform - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform init command, default is none/empty] @Development
make _terraform cmd="init" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

terraform-plan: # Plan Terraform changes - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform plan command, default is none/empty] @Development
make _terraform cmd="plan" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

terraform-apply: # Apply Terraform changes - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform apply command, default is none/empty] @Development
make _terraform cmd="apply" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

terraform-destroy: # Destroy Terraform resources - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform destroy command, default is none/empty] @Development
make _terraform \
cmd="destroy" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

terraform-fmt: # Format Terraform files - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform fmt command, default is '-recursive'] @Quality
make _terraform cmd="fmt" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

terraform-validate: # Validate Terraform configuration - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform validate command, default is none/empty] @Quality
make _terraform cmd="validate" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

clean:: # Remove Terraform files (terraform) - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set] @Operations
make _terraform cmd="clean" \
dir=$(or ${terraform_dir}, ${dir}) \
opts=$(or ${terraform_opts}, ${opts})

_terraform: # Terraform command wrapper - mandatory: cmd=[command to execute]; optional: dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], opts=[options to pass to the Terraform command, default is none/empty]
dir=$(or ${dir}, ${TERRAFORM_STACK})
source scripts/terraform/terraform.lib.sh
terraform-${cmd} # 'dir' and 'opts' are accessible by the function as environment variables, if set

# ==============================================================================
# Quality checks - please DO NOT edit this section!

terraform-shellscript-lint: # Lint all Terraform module shell scripts @Quality
for file in $$(find scripts/terraform -type f -name "*.sh"); do
file=$${file} scripts/shellscript-linter.sh
done

# ==============================================================================
# Configuration - please DO NOT edit this section!

terraform-install: # Install Terraform @Installation
make _install-dependency name="terraform"

# ==============================================================================

${VERBOSE}.SILENT: \
_terraform \
clean \
terraform-apply \
terraform-destroy \
terraform-fmt \
terraform-init \
terraform-install \
terraform-plan \
terraform-shellscript-lint \
terraform-validate \
DOCKER_IMAGE=
REGION=UK South
APP_SHORT_NAME=luncs

poc: # Target the poc environment - make poc <action>
$(eval include infrastructure/environments/poc/variables.sh)

dev: # Target the dev environment - make dev <action>
$(eval include infrastructure/environments/dev/variables.sh)

preprod: # Target the preprod environment - make preprod <action>
$(eval include infrastructure/environments/preprod/variables.sh)

review: # Target the review infrastructure, or a review app if PR_NUMBER is used - make review <action> [PR_NUMBER=<pr_number>]
$(eval include infrastructure/environments/review/variables.sh)
$(if ${PR_NUMBER}, $(eval export TF_VAR_deploy_infra=false), $(eval export TF_VAR_deploy_container_apps=false))
$(if ${PR_NUMBER}, $(eval export ENVIRONMENT=pr-${PR_NUMBER}), $(eval export ENVIRONMENT=review))

db-setup:
$(if ${TF_VAR_deploy_container_apps},, scripts/bash/db_run_job.sh ${ENVIRONMENT} ${PR_NUMBER})

ci: # Skip manual approvals when running in CI - make ci <env> <action>
$(eval AUTO_APPROVE=-auto-approve)
$(eval SKIP_AZURE_LOGIN=true)

set-azure-account: # Set the Azure account for the environment - make <env> set-azure-account
[ "${SKIP_AZURE_LOGIN}" != "true" ] && az account set -s ${AZURE_SUBSCRIPTION} || true

resource-group-init: set-azure-account get-subscription-ids # Initialise the resources required by terraform - make <env> resource-group-init
$(eval STORAGE_ACCOUNT_NAME=sa${APP_SHORT_NAME}${ENV_CONFIG}tfstate)
scripts/bash/resource_group_init.sh "${REGION}" "${HUB_SUBSCRIPTION_ID}" "${ENABLE_SOFT_DELETE}" "${ENV_CONFIG}" "${STORAGE_ACCOUNT_RG}" "${STORAGE_ACCOUNT_NAME}" "${APP_SHORT_NAME}" "${ARM_SUBSCRIPTION_ID}"

get-subscription-ids: # Retrieve the hub subscription ID based on the subscription name in ${HUB_SUBSCRIPTION} - make <env> get-subscription-ids
$(eval HUB_SUBSCRIPTION_ID=$(shell az account show --query id --output tsv --name ${HUB_SUBSCRIPTION}))
$(if ${ARM_SUBSCRIPTION_ID},,$(eval export ARM_SUBSCRIPTION_ID=$(shell az account show --query id --output tsv)))

terraform-init-no-backend: # Initialise terraform modules only and update terraform lock file - make <env> terraform-init-no-backend
rm -rf infrastructure/modules/dtos-devops-templates
git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_REF} \
https://github.com/NHSDigital/dtos-devops-templates.git infrastructure/modules/dtos-devops-templates
terraform -chdir=infrastructure/terraform init -upgrade -backend=false

terraform-init: set-azure-account get-subscription-ids # Initialise Terraform - make <env> terraform-init
$(eval STORAGE_ACCOUNT_NAME=sa${APP_SHORT_NAME}${ENV_CONFIG}tfstate)
$(eval export ARM_USE_AZUREAD=true)

rm -rf infrastructure/modules/dtos-devops-templates
git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_REF} \
https://github.com/NHSDigital/dtos-devops-templates.git infrastructure/modules/dtos-devops-templates

terraform -chdir=infrastructure/terraform init -upgrade -reconfigure \
-backend-config=subscription_id=${HUB_SUBSCRIPTION_ID} \
-backend-config=resource_group_name=${STORAGE_ACCOUNT_RG} \
-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
-backend-config=key=${ENVIRONMENT}.tfstate

$(eval export TF_VAR_app_short_name=${APP_SHORT_NAME})
# $(eval export TF_VAR_docker_image=${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG})
$(eval export TF_VAR_environment=${ENVIRONMENT})
# $(eval export TF_VAR_env_config=${ENV_CONFIG})
# $(eval export TF_VAR_hub=${HUB})
# $(eval export TF_VAR_hub_subscription_id=${HUB_SUBSCRIPTION_ID})

terraform-plan: terraform-init # Plan Terraform changes - make <env> terraform-plan DOCKER_IMAGE_TAG=abcd123
terraform -chdir=infrastructure/terraform plan -var-file ../environments/${ENV_CONFIG}/variables.tfvars

terraform-apply: terraform-init # Apply Terraform changes - make <env> terraform-apply DOCKER_IMAGE_TAG=abcd123
terraform -chdir=infrastructure/terraform apply -var-file ../environments/${ENV_CONFIG}/variables.tfvars ${AUTO_APPROVE}

terraform-destroy: terraform-init # Destroy Terraform resources - make <env> terraform-destroy
terraform -chdir=infrastructure/terraform destroy -var-file ../environments/${ENV_CONFIG}/variables.tfvars ${AUTO_APPROVE}

terraform-validate: terraform-init-no-backend # Validate Terraform changes - make <env> terraform-validate
terraform -chdir=infrastructure/terraform validate
Loading