chore: tf gh actions (#35)

* chore: tf gh actions

* chore: experiment

* chore: update

* chore: gh action

* chore: update

* chore: update

* chore: update

* chore: add tf to hg

* chore: update

* fix: fmt

* fix: ci

* chore: trigger

* chore: trigger

* fix: ci

* chore: tf state

* chore: update

Author: eugbyte

.github/workflows/build.yml

@@ -4,11 +4,14 @@
 name: Build evently
 
 on:
-  push:
-    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
 
+# important for azure/login
+permissions:
+  id-token: write
+  contents: read
+  
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -34,4 +37,33 @@ jobs:
     - name: Run UI Tests
       run: cd src/evently.client && pnpm run test
     - name: Test Docker Image
-      run: docker build --tag=expo-connect/latest --file=src/Evently.Server/Dockerfile .
+      run: docker build --tag=expo-connect/latest --file=src/Evently.Server/Dockerfile .
+      
+  validate-tf:
+      runs-on: ubuntu-latest
+      steps:
+      - uses: actions/checkout@v4
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: Validate Azure CLI can be used
+        uses: azure/cli@v2
+        with:
+          azcliversion: latest
+          inlineScript: |
+            az account show
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Terraform init
+        run: |
+          cd deploy/Terraform 
+          terraform init
+      - name: Terraform validate
+        run: |
+          cd deploy/Terraform 
+          terraform validate
+
+

.github/workflows/deploy.yml

@@ -0,0 +1,61 @@
+name: Deploy evently
+
+on:
+  push:
+    branches: [ "main" ]
+    
+# important for azure/login
+permissions:
+  id-token: write
+  contents: read    
+    
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: Validate Azure CLI can be used
+        uses: azure/cli@v2
+        with:
+          azcliversion: latest
+          inlineScript: |
+            az account show
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Terraform init
+        run: |
+          cd deploy/Terraform 
+          terraform init
+      - name: Terraform validate
+        run: |
+          cd deploy/Terraform 
+          terraform validate
+      - name: Terraform plan
+        run: |
+          cd deploy/Terraform 
+          terraform plan
+        env:
+          TF_VAR_sql_admin_username: ${{ secrets.TF_VAR_SQL_ADMIN_USERNAME }}
+          TF_VAR_sql_admin_password: ${{ secrets.TF_VAR_SQL_ADMIN_PASSWORD }}
+          TF_VAR_google_client_id: ${{ secrets.TF_VAR_GOOGLE_CLIENT_ID }}
+          TF_VAR_google_client_secret: ${{ secrets.TF_VAR_GOOGLE_CLIENT_SECRET }}
+          TF_VAR_email_from: ${{ secrets.TF_VAR_EMAIL_FROM }}
+          TF_VAR_smtp_password: ${{ secrets.TF_VAR_SMTP_PASSWORD }}
+      # Apply step can be skipped for pull requests
+      - name: Terraform apply
+        run: cd deploy/Terraform && terraform apply -auto-approve
+        env:
+          TF_VAR_sql_admin_username: ${{ secrets.TF_VAR_SQL_ADMIN_USERNAME }}
+          TF_VAR_sql_admin_password: ${{ secrets.TF_VAR_SQL_ADMIN_PASSWORD }}
+          TF_VAR_google_client_id: ${{ secrets.TF_VAR_GOOGLE_CLIENT_ID }}
+          TF_VAR_google_client_secret: ${{ secrets.TF_VAR_GOOGLE_CLIENT_SECRET }}
+          TF_VAR_email_from: ${{ secrets.TF_VAR_EMAIL_FROM }}
+          TF_VAR_smtp_password: ${{ secrets.TF_VAR_SMTP_PASSWORD }}
+

.gitignore

@@ -437,8 +437,6 @@ src/emailpaywall.client/.svelte-kit
 **/obj/
 
 # Terraform
-**/*.tfstate
-**/*.tfstate.*
 **/*.tfvars
 **/*.tfvars.json
 **/.terraform/

deploy/Terraform/main.tf

@@ -12,7 +12,7 @@ terraform {
 }
 
 locals {
-  environment  = "staging"
+  environment = "staging"
 }
 
 provider "azurerm" {

deploy/Terraform/sql-database.tf

@@ -16,7 +16,7 @@ resource "azurerm_mssql_database" "db" {
   server_id                   = azurerm_mssql_server.sql_server.id
   sku_name                    = "Basic" # Cheapest option: 5 DTUs
   max_size_gb                 = 2       # Minimum size for Basic tier
-  auto_pause_delay_in_minutes = 60             # Auto-pause after 1 hour of inactivity
+  auto_pause_delay_in_minutes = 60      # Auto-pause after 1 hour of inactivity
 }
 
 resource "azurerm_mssql_firewall_rule" "allow_azure_services" {