Exercise 12

Author: aleyipsoftwire

.dockerignore

@@ -11,3 +11,41 @@ ansible
 .gitpod.yml
 .python-version
 Dockerfile
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

.github/workflows/my-pipeline.yml

@@ -21,8 +21,8 @@ jobs:
       - run: docker run --entrypoint poetry todo-app:test run safety check
         continue-on-error: true
 
-  deploy:
-    name: Build docker image and deploy to production
+  build-and-push:
+    name: Build docker image and push to docker hub
     runs-on: ubuntu-latest
     needs: test
     if: github.ref_name == github.event.repository.default_branch
@@ -41,7 +41,23 @@ jobs:
         with:
           push: true
           tags: aleyipsoftwire/todo-app:prod
-      - name: Release to Azure
+
+  apply-terraform-and-deploy:
+    name: Apply terraform changes and deploy to Azure
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    env:
+      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialise terraform
+        run: terraform init
+      - name: Apply terraform changes
         env:
-          AZURE_WEBHOOK: ${{ secrets.AZURE_WEBHOOK }}
-        run: curl -X POST "$AZURE_WEBHOOK"
+          TF_VAR_prefix: "live"
+        run: terraform apply -auto-approve
+      - name: Release to Azure
+        run: curl -X POST "$(terraform output -raw webhook_url)"

.gitignore

@@ -118,3 +118,41 @@ env/
 
 ### Configuration files ###
 .env
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

.terraform.lock.hcl

@@ -152,15 +152,19 @@ docker run -dit \
 2. Building the image, with `docker build --target production --tag <user_name>/todo-app:prod .`
 3. Pushing the image, with `docker push <user_name>/todo_app:prod`
 
-### Deploying to Azure App Services
-
-1. First create an App Service Plan:
-   `az appservice plan create --resource-group <resource_group_name> -n <appservice_plan_name> --sku B1 --is-linux`
-2. Then create the Web App:
-   `az webapp create --resource-group <resource_group_name> --plan <appservice_plan_name> --name <webapp_name> --deployment-container-image-name docker.io/<user_name>/todo-app:prod`
-3. Set up environment variables individually via
-   `az webapp config appsettings set -g <resource_group_name> -n <webapp_name> --settings FLASK_APP=todo_app/app`
-4. The app should now be deployed to `http://<webapp_name>.azurewebsites.net/`
+### Terraform
+
+1. Follow
+   [this tutorial](https://docs.microsoft.com/en-us/azure/developer/terraform/store-state-in-azure-storage#configure-storage-account)
+   to set up a storage account
+2. Update the following values in `main.tf`:
+    * `resource_group_name` (there are multiple instances)
+    * `storage_account_name`
+    * `container_name`
+    * `subscription_id`
+    * `docker_image_name`
+3. Run `terraform init`
+4. Run `terraform apply`
 
 ### Update the image
 

README.md

@@ -0,0 +1,90 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.8"
+    }
+  }
+
+  backend "azurerm" {
+    resource_group_name  = "cohort32-33_AleYip_ProjectExercise"
+    storage_account_name = "m12tfstore"
+    container_name       = "m12-tf-store-container"
+    key                  = "terraform.tfstate"
+  }
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = "d33b95c7-af3c-4247-9661-aa96d47fccc0"
+}
+
+data "azurerm_resource_group" "main" {
+  name = "cohort32-33_AleYip_ProjectExercise"
+}
+
+resource "azurerm_service_plan" "main" {
+  name                = "${var.prefix}-terraformed-asp"
+  location            = data.azurerm_resource_group.main.location
+  resource_group_name = data.azurerm_resource_group.main.name
+  os_type             = "Linux"
+  sku_name            = "B1"
+}
+
+resource "azurerm_linux_web_app" "main" {
+  name                = "${var.prefix}-aleyipsoftwire-m12-exercise"
+  location            = data.azurerm_resource_group.main.location
+  resource_group_name = data.azurerm_resource_group.main.name
+  service_plan_id     = azurerm_service_plan.main.id
+
+  site_config {
+    application_stack {
+      docker_image_name   = "aleyipsoftwire/todo-app:prod"
+      docker_registry_url = "https://docker.io"
+    }
+  }
+
+  app_settings = {
+    WEBSITES_PORT                     = 8000
+    MONGODB_PRIMARY_CONNECTION_STRING = azurerm_cosmosdb_account.main.primary_mongodb_connection_string
+  }
+}
+
+resource "azurerm_cosmosdb_account" "main" {
+  name                = "${var.prefix}-aleyipsoftwire-m12-mongodb-cluster"
+  location            = data.azurerm_resource_group.main.location
+  resource_group_name = data.azurerm_resource_group.main.name
+  offer_type          = "Standard"
+  kind                = "MongoDB"
+
+  automatic_failover_enabled = true
+
+  capabilities {
+    name = "EnableMongo"
+  }
+
+  capabilities {
+    name = "EnableServerless"
+  }
+
+  consistency_policy {
+    consistency_level       = "BoundedStaleness"
+    max_interval_in_seconds = 300
+    max_staleness_prefix    = 100000
+  }
+
+  geo_location {
+    location          = "uksouth"
+    failover_priority = 0
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "azurerm_cosmosdb_mongo_database" "main" {
+  name                = "todo-app-db"
+  resource_group_name = data.azurerm_resource_group.main.name
+  account_name        = azurerm_cosmosdb_account.main.name
+}

main.tf

@@ -0,0 +1,8 @@
+output "webapp_url" {
+  value = "https://${azurerm_linux_web_app.main.default_hostname}"
+}
+
+output "webhook_url" {
+  value     = "https://${azurerm_linux_web_app.main.site_credential[0].name}:${azurerm_linux_web_app.main.site_credential[0].password}@${azurerm_linux_web_app.main.name}.scm.azurewebsites.net/docker/hook"
+  sensitive = true
+}

outputs.tf

@@ -0,0 +1,3 @@
+variable "prefix" {
+  description = "The prefix used for all resources in this environment"
+}