okami101
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 30 additions & 0 deletions b/‎.github/workflows/build.yml‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 36 deletions b/‎.gitignore‎
Lines changed: 1 addition & 36 deletions
diff --git a/‎.terraform.lock.hcl‎
Lines changed: 0 additions & 24 deletions b/‎.terraform.lock.hcl‎
Lines changed: 0 additions & 24 deletions
diff --git a/‎Dockerfile‎
Lines changed: 23 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎server.py‎
Lines changed: 35 additions & 0 deletions b/‎server.py‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎terraform/.gitignore‎
Lines changed: 36 additions & 0 deletions b/‎terraform/.gitignore‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎terraform/.terraform.lock.hcl‎
Lines changed: 24 additions & 0 deletions b/‎terraform/.terraform.lock.hcl‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎buildx.tf‎ ‎terraform/buildx.tf‎buildx.tf renamed to terraform/buildx.tf b/‎buildx.tf‎ ‎terraform/buildx.tf‎buildx.tf renamed to terraform/buildx.tf
diff --git a/‎locals.tf‎ ‎terraform/locals.tf‎locals.tf renamed to terraform/locals.tf b/‎locals.tf‎ ‎terraform/locals.tf‎locals.tf renamed to terraform/locals.tf
diff --git a/‎main.tf‎ ‎terraform/main.tf‎main.tf renamed to terraform/main.tf b/‎main.tf‎ ‎terraform/main.tf‎main.tf renamed to terraform/main.tf
@@ -0,0 +1,30 @@
+name: Build & Push Docker Image
+
+on:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: terraform-webhook
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
@@ -1,36 +1 @@
-
-### Terraform ###
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
+compose.yaml
@@ -0,0 +1,23 @@
+FROM python:3.12-alpine
+
+ENV TERRAFORM_VERSION=1.12.2
+
+RUN apk add --no-cache ca-certificates unzip wget \
+    && update-ca-certificates \
+    && wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    && unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    && mv terraform /usr/local/bin/terraform \
+    && rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    && pip install --no-cache-dir flask
+
+COPY server.py /app/server.py
+COPY terraform/*.tf /app/terraform/
+COPY terraform/*.lock.hcl /app/terraform/
+
+WORKDIR /app/terraform
+RUN terraform init
+
+WORKDIR /app
+
+EXPOSE 8080
+CMD ["python3", "server.py"]
@@ -0,0 +1,35 @@
+from flask import Flask, request, jsonify
+import subprocess
+import os
+
+app = Flask(__name__)
+TERRAFORM_DIR = "/app/terraform"
+
+
+@app.route("/webhook", methods=["POST"])
+def webhook():
+    secret = request.headers.get("X-Webhook-Token")
+    if secret != os.environ.get("WEBHOOK_TOKEN", "changeme"):
+        return jsonify({"status": "forbidden"}), 403
+
+    try:
+        result = subprocess.run(
+            ["terraform", "apply", "-auto-approve"],
+            cwd=TERRAFORM_DIR,
+            capture_output=True,
+            text=True,
+        )
+        return jsonify(
+            {"status": "success", "stdout": result.stdout, "stderr": result.stderr}
+        )
+    except Exception as e:
+        return jsonify({"status": "error", "message": str(e)}), 500
+
+
+@app.route("/", methods=["GET"])
+def health():
+    return jsonify({"status": "running"})
+
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=8080)
@@ -0,0 +1,36 @@
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc