Merge pull request #1065 from byu-oit/opentofu

Use OpenTofu 1.9.0, refactor directory structure

Author: joshgubler

.github/dependabot.yml

@@ -18,29 +18,13 @@ updates:
     target-branch: dev
 
   - package-ecosystem: terraform
-    directory: '/terraform-iac/dev/app'
+    directories:
+      - '/iac/app'
+      - '/iac/setup'
     schedule:
       interval: daily
     target-branch: dev
 
-  - package-ecosystem: terraform
-    directory: '/terraform-iac/dev/setup'
-    schedule:
-      interval: daily
-    target-branch: dev
-
-#  - package-ecosystem: terraform
-#    directory: '/terraform-iac/modules/app'
-#    schedule:
-#      interval: daily
-#    target-branch: dev
-#
-#  - package-ecosystem: terraform
-#    directory: '/terraform-iac/modules/setup'
-#    schedule:
-#      interval: daily
-#    target-branch: dev
-
 # For each of these, requesting reviews from your team makes Dependabot PRs easier to find (https://github.com/pulls/review-requested)
 #   reviewers:
 #     - byu-oit/your-github-team

.github/workflows/ci-app.yml

@@ -0,0 +1,82 @@
+name: CI / App
+
+on:
+  pull_request:
+    branches: [dev, stg, prd]
+    types: [opened, reopened, synchronize, edited]
+    paths:
+      - 'src/**'
+      - '.github/workflows/ci-app.yml'
+
+env:
+  node_version: "22.x"
+  FORCE_COLOR: 3
+
+jobs:
+  test:
+    name: Test
+    timeout-minutes: 3
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.node_version }}
+          cache: npm
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: npm ci
+        working-directory: src
+        run: npm ci --prefer-offline
+
+      - name: npm test
+        working-directory: src
+        run: npm test
+
+      - name: Report test coverage to Codecov
+        uses: codecov/codecov-action@v3
+        if: env.CODECOV_TOKEN
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  audit:
+    name: Audit
+    timeout-minutes: 3
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.node_version }}
+
+      # We don't need to install deps to audit them
+
+      - name: npm audit
+        working-directory: src
+        run: npm audit --audit-level=critical
+
+  lint:
+    name: Lint
+    timeout-minutes: 3
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.node_version }}
+          cache: npm
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: npm ci
+        working-directory: src
+        run: npm ci --prefer-offline
+
+      - name: npm lint
+        working-directory: src
+        run: npm run lint

.github/workflows/ci.yml .github/workflows/ci-iac.yml.github/workflows/ci.yml renamed to .github/workflows/ci-iac.yml

@@ -1,17 +1,16 @@
-name: CI
+name: CI / IaC
 
 on:
   pull_request:
     branches: [dev, stg, prd]
     types: [opened, reopened, synchronize, edited]
-    paths-ignore:
-      - 'README.md'
-      - 'LICENSE'
-      - '.gitignore'
+    paths:
+      - 'iac/**'
+      - '.github/workflows/ci-iac.yml'
+
 env:
   node_version: "22.x"
-  tf_version: "1.9.8" # must match value in terraform-iac/*/app/main.tf
-  FORCE_COLOR: 3
+  tf_version: "1.9.0" # must match value in iac/*/app/main.tf
 
 jobs:
   env:
@@ -25,7 +24,7 @@ jobs:
           matrix='{
             "env":[
               {
-                "tf_working_dir":"./terraform-iac/dev/app",
+                "environment_name":"dev",
                 "aws_account":"977306314792",
                 "aws_gha_role":"hw-lambda-api-dev-gha"
               }
@@ -39,7 +38,7 @@ jobs:
           matrix='{
             "env":[
               {
-                "tf_working_dir":"./terraform-iac/stg/app",
+                "environment_name":"stg",
                 "aws_account":"977306314792",
                 "aws_gha_role":"hw-lambda-api-stg-gha"
               }
@@ -53,14 +52,14 @@ jobs:
           matrix='{
             "env":[
               {
-                "tf_working_dir":"./terraform-iac/prd/app",
+                 "environment_name":"prd",
                 "aws_account":"539738229445",
-                "aws_gha_role":"hw-lambda-api-prd-gha"
+                "aws_gha_role":"hw-lambda-api-cpy-gha"
               },
               {
-                "tf_working_dir":"./terraform-iac/cpy/app",
+                "environment_name":"cpy",
                 "aws_account":"539738229445",
-                "aws_gha_role":"hw-lambda-api-cpy-gha"
+                "aws_gha_role":"hw-lambda-api-prd-gha"
               }
             ]
           }'
@@ -69,96 +68,24 @@ jobs:
     outputs:
       matrix: ${{ env.matrix }}
 
-  test:
-    name: Test
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ env.node_version }}
-          cache: npm
-          cache-dependency-path: '**/package-lock.json'
-
-      - name: npm ci
-        working-directory: src
-        run: npm ci --prefer-offline
-
-      - name: npm test
-        working-directory: src
-        run: npm test
-
-      - name: Report test coverage to Codecov
-        uses: codecov/codecov-action@v5
-        if: env.CODECOV_TOKEN
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-  audit:
-    name: Audit
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ env.node_version }}
-
-      # We don't need to install deps to audit them
-
-      - name: npm audit
-        working-directory: src
-        run: npm audit --audit-level=critical
-
-  lint:
-    name: Lint
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ env.node_version }}
-          cache: npm
-          cache-dependency-path: '**/package-lock.json'
-
-      - name: npm ci
-        working-directory: src
-        run: npm ci --prefer-offline
-
-      - name: npm lint
-        working-directory: src
-        run: npm run lint
-
   format:
-    name: Terraform Format
+    name: Tofu Format
     timeout-minutes: 3
     runs-on: ubuntu-latest
-    needs: env
-    strategy:
-      matrix: ${{ fromJson(needs.env.outputs.matrix) }}
-      fail-fast: false
     steps:
       - uses: actions/checkout@v4
 
-      - name: Terraform Setup
-        uses: hashicorp/setup-terraform@v3
+      - name: Tofu Setup
+        uses: opentofu/setup-opentofu@v1
         with:
-          terraform_version: ${{ env.tf_version }}
+          tofu_version: ${{ env.tf_version }}
 
-      - name: Terraform Format
-        working-directory: "./"
-        run: terraform fmt -check -recursive
+      - name: Tofu Format
+        working-directory: iac
+        run: tofu fmt -check -recursive
 
   plan:
-    name: Terraform Plan
+    name: Tofu Plan / ${{ matrix.env.environment_name }}
     timeout-minutes: 6
     runs-on: ubuntu-latest
     needs: env
@@ -193,31 +120,30 @@ jobs:
           npm ci --production --prefer-offline
           zip -r lambda.zip *
 
-      - name: Terraform Setup
-        uses: hashicorp/setup-terraform@v3
+      - name: Tofu Setup
+        uses: opentofu/setup-opentofu@v1
         with:
-          terraform_version: ${{ env.tf_version }}
+          tofu_version: ${{ env.tf_version }}
 
-      - name: Terraform Init
-        working-directory: ${{ matrix.env.tf_working_dir }}
-        run: terraform init
+      - name: Tofu Init
+        working-directory: iac/app
+        run: tofu init -var-file=${{ matrix.env.environment_name }}.tfvars
 
-      - name: Terraform Plan
-        working-directory: ${{ matrix.env.tf_working_dir }}
-        run: terraform plan -input=false -out plan -lock=false
+      - name: Tofu Plan
+        working-directory: iac/app
+        run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -input=false -out plan -lock=false
 
-      - name: Comment Terraform Plan
+      - name: Comment Tofu Plan
         uses: byu-oit/github-action-tf-plan-comment@v1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
-          working-directory: ${{ matrix.env.tf_working_dir }}
+          working-directory: iac/app
           terraform-plan-file: plan
 
-      - name: Analyze Terraform Plan
+      - name: Analyze Tofu Plan
         uses: byu-oit/github-action-tf-plan-analyzer@v2
         with:
-          working-directory: ${{ matrix.env.tf_working_dir }}
+          working-directory: iac/app
           terraform-plan-file: plan
           divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }}
           divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }}
-