From 5139b611b84c62cba91d7b821f13fc90ae16911e Mon Sep 17 00:00:00 2001
From: Louis Dionne <ldionne.2@gmail.com>
Date: Thu, 30 Oct 2025 16:58:21 -0700
Subject: [PATCH 1/3] Add a Terraform configuration to deploy lnt.llvm.org

This patch adds a Terraform configuration file that should allow
deploying to an EC2 instance. It requires a few secrets to be
made available to Github Actions.
---
 .github/workflows/deploy-lnt.llvm.org.yaml | 34 +++++++++++++++++++
 docker/lnt.llvm.org/ec2-startup.sh.tpl     | 17 ++++++++++
 docker/lnt.llvm.org/main.tf                | 38 ++++++++++++++++++++++
 docs/developer_guide.rst                   | 11 +++++++
 4 files changed, 100 insertions(+)
 create mode 100644 .github/workflows/deploy-lnt.llvm.org.yaml
 create mode 100644 docker/lnt.llvm.org/ec2-startup.sh.tpl
 create mode 100644 docker/lnt.llvm.org/main.tf

diff --git a/.github/workflows/deploy-lnt.llvm.org.yaml b/.github/workflows/deploy-lnt.llvm.org.yaml
new file mode 100644
index 00000000..8809bde3
--- /dev/null
+++ b/.github/workflows/deploy-lnt.llvm.org.yaml
@@ -0,0 +1,34 @@
+name: Deploy lnt.llvm.org
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-24.04
+
+    steps:
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+    - name: Initialize Terraform
+      run: terraform init
+
+    - name: Apply Terraform changes
+      run: terraform apply -auto-approve
+      env:
+        TF_VAR_lnt_db_password: ${{ secrets.LNT_DB_PASSWORD }}
+        TF_VAR_lnt_auth_token: ${{ secrets.LNT_AUTH_TOKEN }}
diff --git a/docker/lnt.llvm.org/ec2-startup.sh.tpl b/docker/lnt.llvm.org/ec2-startup.sh.tpl
new file mode 100644
index 00000000..61d71837
--- /dev/null
+++ b/docker/lnt.llvm.org/ec2-startup.sh.tpl
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+#
+# This is a template for the startup script that gets run on the EC2
+# instance running lnt.llvm.org. This template gets filled in by the
+# Terraform configuration file.
+#
+
+sudo yum update -y
+sudo amazon-linux-extras install docker git -y
+sudo service docker start
+sudo usermod -a -G docker ec2-user
+sudo chkconfig docker on
+
+LNT_DB_PASSWORD=${__db_password__}
+LNT_AUTH_TOKEN=${__auth_token__}
+docker compose --file compose.yaml up
diff --git a/docker/lnt.llvm.org/main.tf b/docker/lnt.llvm.org/main.tf
new file mode 100644
index 00000000..7cd7179a
--- /dev/null
+++ b/docker/lnt.llvm.org/main.tf
@@ -0,0 +1,38 @@
+#
+# Terraform file for deploying lnt.llvm.org.
+#
+
+provider "aws" {
+  region = "us-west-2"
+}
+
+variable "lnt_db_password" {
+  type        = string
+  description = "The database password for the lnt.llvm.org database."
+  sensitive   = true
+}
+
+variable "lnt_auth_token" {
+  type        = string
+  description = "The authentication token to perform destructive operations on lnt.llvm.org."
+  sensitive   = true
+}
+
+resource "local_file" "docker-compose-file" {
+  source = "../compose.yaml"
+  filename = "${path.module}/compose.yaml"
+}
+
+resource "aws_instance" "docker_server" {
+  ami           = "ami-0c97bd51d598d45e4" # Amazon Linux 2023 kernel-6.12 AMI in us-west-2
+  instance_type = "t2.micro"
+  key_name      = "test-key-name" # TODO
+  tags = {
+    Name = "lnt.llvm.org"
+  }
+
+  user_data = templatefile("${path.module}/ec2-startup.sh.tpl", {
+    __db_password__ = var.lnt_db_password,
+    __auth_token__ = var.lnt_auth_token,
+  })
+}
diff --git a/docs/developer_guide.rst b/docs/developer_guide.rst
index 06879d99..4b83ab91 100644
--- a/docs/developer_guide.rst
+++ b/docs/developer_guide.rst
@@ -84,3 +84,14 @@ install the development dependencies, and then run the following commands from t
 This requires setting up the right API token, see `the official documentation <https://packaging.python.org/en/latest/tutorials/packaging-projects/#uploading-the-distribution-archives>`_
 for details. You can replace ``--repository testpypi`` with ``--repository pypi`` once you are actually ready
 to publish the package.
+
+Deploying lnt.llvm.org
+----------------------
+
+The `lnt.llvm.org <https://lnt.llvm.org>`_ instance gets re-deployed automatically on every tag
+that gets pushed to main via a Github Action. Manually deploying the instance is also possible
+by directly using Terraform::
+
+    cd docker/lnt.llvm.org
+    terraform init
+    terraform apply -var <foo> # see docker/lnt.llvm.org/main.tf for required variables

From fbc9cb4c3e8450f02e342433deae026150a87a41 Mon Sep 17 00:00:00 2001
From: Louis Dionne <ldionne.2@gmail.com>
Date: Fri, 31 Oct 2025 09:34:11 -0700
Subject: [PATCH 2/3] Try to fix issue with docker compose file

---
 docker/lnt.llvm.org/main.tf | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/docker/lnt.llvm.org/main.tf b/docker/lnt.llvm.org/main.tf
index 7cd7179a..a91a7120 100644
--- a/docker/lnt.llvm.org/main.tf
+++ b/docker/lnt.llvm.org/main.tf
@@ -18,9 +18,22 @@ variable "lnt_auth_token" {
   sensitive   = true
 }
 
-resource "local_file" "docker-compose-file" {
-  source = "../compose.yaml"
-  filename = "${path.module}/compose.yaml"
+data "cloudinit_config" "startup_scripts" {
+  base64_encode = true
+  part {
+    filename     = "ec2-startup.sh"
+    content_type = "text/x-shellscript"
+    content      = templatefile("${path.module}/ec2-startup.sh.tpl", {
+      __db_password__ = var.lnt_db_password,
+      __auth_token__ = var.lnt_auth_token,
+    })
+  }
+
+  part {
+    filename     = "compose.yaml"
+    content_type = "text/cloud-config"
+    content      = file("${path.module}/../compose.yaml")
+  }
 }
 
 resource "aws_instance" "docker_server" {
@@ -31,8 +44,5 @@ resource "aws_instance" "docker_server" {
     Name = "lnt.llvm.org"
   }
 
-  user_data = templatefile("${path.module}/ec2-startup.sh.tpl", {
-    __db_password__ = var.lnt_db_password,
-    __auth_token__ = var.lnt_auth_token,
-  })
+  user_data_base64 = data.cloudinit_config.startup_scripts.rendered
 }

From c4577c979bd2a7e9b10fdc126ce82c8cecaa93bd Mon Sep 17 00:00:00 2001
From: Louis Dionne <ldionne.2@gmail.com>
Date: Fri, 31 Oct 2025 09:44:26 -0700
Subject: [PATCH 3/3] Install docker compose plugin

---
 docker/lnt.llvm.org/ec2-startup.sh.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/lnt.llvm.org/ec2-startup.sh.tpl b/docker/lnt.llvm.org/ec2-startup.sh.tpl
index 61d71837..a5d714da 100644
--- a/docker/lnt.llvm.org/ec2-startup.sh.tpl
+++ b/docker/lnt.llvm.org/ec2-startup.sh.tpl
@@ -7,7 +7,7 @@
 #
 
 sudo yum update -y
-sudo amazon-linux-extras install docker git -y
+sudo amazon-linux-extras install docker docker-compose-plugin -y
 sudo service docker start
 sudo usermod -a -G docker ec2-user
 sudo chkconfig docker on