Dockerize the code base

.docker/Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:3.14.0
+
+WORKDIR /app
+
+RUN apk --no-cache add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community terraform \
+    && addgroup -S infrastructure && adduser -S infrastructure -G infrastructure
+
+COPY --chown=infrastructure:infrastructure . .
+
+RUN ls -lha
+
+ENTRYPOINT [ "terraform" ]

.dockerignore

@@ -0,0 +1,13 @@
+.docker/
+.git/
+.github/
+.vscode/
+src/aws/.terraform/
+src/github/.terraform/
+src/heroku/.terraform/
+
+*.toml
+.*ignore
+.env*
+*.yml
+*.md

.env.example

@@ -3,13 +3,7 @@ export TF_VAR_DOCKERHUB_USERNAME=xxxx
 export TF_VAR_DOCKERHUB_TOKEN=xxxx
 export TF_VAR_HEROKU_EMAIL=xxxx
 export TF_VAR_HEROKU_API_KEY=xxxx
-export TF_VAR_EMAIL_SERVICE_CODECOV_TOKEN=xxxx
 export TF_VAR_API_GATEWAY_CODECOV_TOKEN=xxxx
-export TF_VAR_EMAIL_SERVICE_DATABASE_URL=xxxx
-export TF_VAR_EMAIL_SERVICE_MAIL_PASSWORD=xxxx
-export TF_VAR_EMAIL_SERVICE_MAIL_USERNAME=xxxx
-export TF_VAR_EMAIL_SERVICE_REDIS_TLS_URL=xxxx
-export TF_VAR_EMAIL_SERVICE_REDIS_URL=xxxx
 export TF_VAR_PROFILE_SERVICE_DATABASE_URL=xxxx
 export TF_VAR_PROFILE_SERVICE_REDIS_TLS_URL=xxxx
 export TF_VAR_PROFILE_SERVICE_REDIS_URL=xxxx
@@ -23,3 +17,9 @@ export TF_VAR_TRUSTED_HOSTS=xxxx
 export TF_VAR_GAMBLEY_CD_USER_AWS_ACCESS_KEY=xxxx
 export TF_VAR_GAMBLEY_CD_USER_AWS_SECRET_KEY=xxxx
 export TF_VAR_SNYK_SECRET_KEY=xxxx
+export TF_VAR_GAMBLEY_BACKEND_DEEPSOURCE_DSN=xxxx
+export TF_VAR_GAMBLEY_BACKEND_MAIL_USERNAME=xxxx
+export TF_VAR_GAMBLEY_BACKEND_MAIL_PASSWORD=xxxx
+export TF_VAR_GAMBLEY_BACKEND_SUPPRESS_SEND=xxxx
+export TF_VAR_GAMBLEY_BACKEND_SSH_USER=xxxx
+export TF_VAR_GAMBLEY_BACKEND_SSH_HOST=xxxx

.github/workflows/pipeline.yml

@@ -2,14 +2,16 @@ name: "Pipeline"
 
 on:
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - main
   push:
-    branches: [ "main" ]
+    branches:
+      - main
 
 jobs:
   test:
     if: ${{ github.event_name == 'pull_request' }}
-    runs-on: "ubuntu-20.04"
+    runs-on: "ubuntu-18.04"
     steps:
       - uses: actions/checkout@v2
 
@@ -28,6 +30,14 @@ jobs:
           source scripts/pipeline_utils.sh
           format_terraform github heroku aws
 
+      - name: "Adds directory for infra data"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          source scripts/pipeline_utils.sh
+          setup_data
+
       - name: "Run validation to check for issues"
         run: |
           source scripts/pipeline_utils.sh
@@ -37,7 +47,7 @@ jobs:
     if: ${{ github.event_name == 'pull_request' }}
     needs:
       - test
-    runs-on: "ubuntu-20.04"
+    runs-on: "ubuntu-18.04"
     steps:
       - uses: actions/checkout@v2
 
@@ -51,6 +61,14 @@ jobs:
           source scripts/pipeline_utils.sh
           init_terraform github heroku aws
 
+      - name: "Adds directory for infra data"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          source scripts/pipeline_utils.sh
+          setup_data
+
       - name: "Generate terraform plan"
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -60,13 +78,7 @@ jobs:
           TF_VAR_DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
           TF_VAR_HEROKU_EMAIL: ${{ secrets.HEROKU_EMAIL }}
           TF_VAR_HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
-          TF_VAR_EMAIL_SERVICE_CODECOV_TOKEN: ${{ secrets.EMAIL_SERVICE_CODECOV_TOKEN }}
           TF_VAR_API_GATEWAY_CODECOV_TOKEN: ${{ secrets.API_GATEWAY_CODECOV_TOKEN }}
-          TF_VAR_EMAIL_SERVICE_DATABASE_URL: ${{ secrets.EMAIL_SERVICE_DATABASE_URL }}
-          TF_VAR_EMAIL_SERVICE_MAIL_PASSWORD: ${{ secrets.EMAIL_SERVICE_MAIL_PASSWORD }}
-          TF_VAR_EMAIL_SERVICE_MAIL_USERNAME: ${{ secrets.EMAIL_SERVICE_MAIL_USERNAME }}
-          TF_VAR_EMAIL_SERVICE_REDIS_TLS_URL: ${{ secrets.EMAIL_SERVICE_REDIS_TLS_URL }}
-          TF_VAR_EMAIL_SERVICE_REDIS_URL: ${{ secrets.EMAIL_SERVICE_REDIS_URL }}
           TF_VAR_PROFILE_SERVICE_DATABASE_URL: ${{ secrets.PROFILE_SERVICE_DATABASE_URL }}
           TF_VAR_PROFILE_SERVICE_REDIS_TLS_URL: ${{ secrets.PROFILE_SERVICE_REDIS_TLS_URL }}
           TF_VAR_PROFILE_SERVICE_REDIS_URL: ${{ secrets.PROFILE_SERVICE_REDIS_URL }}
@@ -80,13 +92,19 @@ jobs:
           TF_VAR_GAMBLEY_CD_USER_AWS_ACCESS_KEY: ${{ secrets.GAMBLEY_CD_USER_AWS_ACCESS_KEY }}
           TF_VAR_GAMBLEY_CD_USER_AWS_SECRET_KEY: ${{ secrets.GAMBLEY_CD_USER_AWS_SECRET_KEY }}
           TF_VAR_SNYK_SECRET_KEY: ${{ secrets.SNYK_SECRET_KEY }}
+          TF_VAR_GAMBLEY_BACKEND_DEEPSOURCE_DSN: ${{ secrets.GAMBLEY_BACKEND_DEEPSOURCE_DSN }}
+          TF_VAR_GAMBLEY_BACKEND_MAIL_USERNAME: ${{ secrets.GAMBLEY_BACKEND_MAIL_USERNAME }}
+          TF_VAR_GAMBLEY_BACKEND_MAIL_PASSWORD: ${{ secrets.GAMBLEY_BACKEND_MAIL_PASSWORD }}
+          TF_VAR_GAMBLEY_BACKEND_SUPPRESS_SEND: ${{ secrets.GAMBLEY_BACKEND_SUPPRESS_SEND }}
+          TF_VAR_GAMBLEY_BACKEND_SSH_USER: ${{ secrets.GAMBLEY_BACKEND_SSH_USER }}
+          TF_VAR_GAMBLEY_BACKEND_SSH_HOST: ${{ secrets.GAMBLEY_BACKEND_SSH_HOST }}
         run: |
           source scripts/pipeline_utils.sh
           plan_terraform github heroku aws
 
   deploy:
     if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-    runs-on: "ubuntu-20.04"
+    runs-on: "ubuntu-18.04"
     steps:
       - uses: actions/checkout@v2
 
@@ -100,6 +118,14 @@ jobs:
           source scripts/pipeline_utils.sh
           init_terraform github heroku aws
 
+      - name: "Adds directory for infra data"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          source scripts/pipeline_utils.sh
+          setup_data
+
       - name: "Apply terraform plan"
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -109,13 +135,7 @@ jobs:
           TF_VAR_DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
           TF_VAR_HEROKU_EMAIL: ${{ secrets.HEROKU_EMAIL }}
           TF_VAR_HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
-          TF_VAR_EMAIL_SERVICE_CODECOV_TOKEN: ${{ secrets.EMAIL_SERVICE_CODECOV_TOKEN }}
           TF_VAR_API_GATEWAY_CODECOV_TOKEN: ${{ secrets.API_GATEWAY_CODECOV_TOKEN }}
-          TF_VAR_EMAIL_SERVICE_DATABASE_URL: ${{ secrets.EMAIL_SERVICE_DATABASE_URL }}
-          TF_VAR_EMAIL_SERVICE_MAIL_PASSWORD: ${{ secrets.EMAIL_SERVICE_MAIL_PASSWORD }}
-          TF_VAR_EMAIL_SERVICE_MAIL_USERNAME: ${{ secrets.EMAIL_SERVICE_MAIL_USERNAME }}
-          TF_VAR_EMAIL_SERVICE_REDIS_TLS_URL: ${{ secrets.EMAIL_SERVICE_REDIS_TLS_URL }}
-          TF_VAR_EMAIL_SERVICE_REDIS_URL: ${{ secrets.EMAIL_SERVICE_REDIS_URL }}
           TF_VAR_PROFILE_SERVICE_DATABASE_URL: ${{ secrets.PROFILE_SERVICE_DATABASE_URL }}
           TF_VAR_PROFILE_SERVICE_REDIS_TLS_URL: ${{ secrets.PROFILE_SERVICE_REDIS_TLS_URL }}
           TF_VAR_PROFILE_SERVICE_REDIS_URL: ${{ secrets.PROFILE_SERVICE_REDIS_URL }}
@@ -129,6 +149,12 @@ jobs:
           TF_VAR_GAMBLEY_CD_USER_AWS_ACCESS_KEY: ${{ secrets.GAMBLEY_CD_USER_AWS_ACCESS_KEY }}
           TF_VAR_GAMBLEY_CD_USER_AWS_SECRET_KEY: ${{ secrets.GAMBLEY_CD_USER_AWS_SECRET_KEY }}
           TF_VAR_SNYK_SECRET_KEY: ${{ secrets.SNYK_SECRET_KEY }}
+          TF_VAR_GAMBLEY_BACKEND_DEEPSOURCE_DSN: ${{ secrets.GAMBLEY_BACKEND_DEEPSOURCE_DSN }}
+          TF_VAR_GAMBLEY_BACKEND_MAIL_USERNAME: ${{ secrets.GAMBLEY_BACKEND_MAIL_USERNAME }}
+          TF_VAR_GAMBLEY_BACKEND_MAIL_PASSWORD: ${{ secrets.GAMBLEY_BACKEND_MAIL_PASSWORD }}
+          TF_VAR_GAMBLEY_BACKEND_SUPPRESS_SEND: ${{ secrets.GAMBLEY_BACKEND_SUPPRESS_SEND }}
+          TF_VAR_GAMBLEY_BACKEND_SSH_USER: ${{ secrets.GAMBLEY_BACKEND_SSH_USER }}
+          TF_VAR_GAMBLEY_BACKEND_SSH_HOST: ${{ secrets.GAMBLEY_BACKEND_SSH_HOST }}
         run: |
           source scripts/pipeline_utils.sh
           apply_terraform github heroku aws

.gitignore

@@ -1,4 +1,5 @@
 .terraform/
 .vscode/
+data/
 
 .env

docker-compose.yml

@@ -0,0 +1,18 @@
+version: "3.8"
+
+
+networks:
+    infrastructure:
+        name: infrastructure
+
+
+services:
+    infrastructure:
+        image: infrastructure:development
+        build:
+            context: .
+            dockerfile: .docker/Dockerfile
+        networks:
+            - infrastructure
+        volumes:
+            - .:/usr/src/app

scripts/pipeline_utils.sh

@@ -37,3 +37,18 @@ apply_terraform() {
         terraform -chdir="src/$i" apply -auto-approve -input=false
     done
 }
+
+setup_data() {
+    echo "Created data directory"
+    mkdir -p src/aws/data
+    cd src/aws/data
+
+    echo "Copying test data to data directory"
+    aws s3 cp s3://gambley-infra-data/public_keys/id_gambley.pub .
+    echo "Copying IAM Role Policy to data directory"
+    aws s3 cp s3://gambley-infra-data/iam/iam_role_policy.json .
+    echo "Copying IAM Role Instance Policy to data directory"
+    aws s3 cp s3://gambley-infra-data/iam/iam_role_instance_policy.json .
+    echo "Copying user data script data directory"
+    aws s3 cp s3://gambley-infra-data/user_data/user_data.sh .
+}

src/aws/container_registry.tf

@@ -20,8 +20,8 @@ resource "aws_ecr_repository" "auth_service" {
   }
 }
 
-resource "aws_ecr_repository" "email_service" {
-  name = "email_service"
+resource "aws_ecr_repository" "gambley_backend" {
+  name = "gambley_backend"
   encryption_configuration {
     encryption_type = "AES256"
   }

src/aws/elastic_ip.tf

@@ -0,0 +1,7 @@
+resource "aws_eip" "gambley_node1_eip" {
+  instance = aws_instance.gambley_swarm_master.id
+  tags = {
+    "Name"      = "Gambley Node1 Elastic IP"
+    "Terraform" = "True"
+  }
+}

src/aws/iam.tf

@@ -0,0 +1,21 @@
+resource "aws_iam_role" "gambley_instance_role" {
+  name               = "gambley-instance-role"
+  assume_role_policy = file("${path.module}/data/iam_role_policy.json")
+  tags = {
+    "Terraform" = "True"
+  }
+}
+
+resource "aws_iam_instance_profile" "gambley_iam_instance_profile" {
+  name = "gambley-iam-profile"
+  role = aws_iam_role.gambley_instance_role.name
+  tags = {
+    "Terraform" = "True"
+  }
+}
+
+resource "aws_iam_role_policy" "gambley_iam_instance_policy" {
+  name   = "gambley-iam-instance-policy"
+  role   = aws_iam_role.gambley_instance_role.id
+  policy = file("${path.module}/data/iam_role_instance_policy.json")
+}

src/aws/main.tf

@@ -4,10 +4,10 @@ provider "aws" {
 
 terraform {
   backend "s3" {
-    bucket         = "aws-state-bucket"
-    key            = "terraform.tfstate"
+    bucket         = "terraform-gambley-state-bucket"
+    key            = "aws/terraform.tfstate"
     region         = "ap-south-1"
-    dynamodb_table = "aws-lock-table"
+    dynamodb_table = "terraform-gambley-lock-table"
     encrypt        = true
   }
   required_providers {

src/aws/virtual_machine.tf

@@ -0,0 +1,58 @@
+resource "aws_instance" "gambley_swarm_master" {
+  ami                         = "ami-0c1a7f89451184c8b"
+  instance_type               = "t3a.small"
+  key_name                    = aws_key_pair.gambley_ssh_key.key_name
+  associate_public_ip_address = true
+  user_data                   = file("${path.module}/data/user_data.sh")
+  security_groups             = [aws_security_group.gambley_security_group.name]
+  iam_instance_profile        = aws_iam_instance_profile.gambley_iam_instance_profile.name
+  metadata_options {
+    http_tokens = "required"
+  }
+  tags = {
+    "Name"      = "Gambley Node1"
+    "Terraform" = "True"
+  }
+}
+
+resource "aws_key_pair" "gambley_ssh_key" {
+  key_name   = "Gambley SSH Key"
+  public_key = file("${path.module}/data/id_gambley.pub")
+}
+
+resource "aws_security_group" "gambley_security_group" {
+  name        = "Gambley Security group"
+  description = "Security group for gambley host"
+  egress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    cidr_blocks = [
+      "0.0.0.0/0"
+    ]
+  }
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"
+    ]
+  }
+  ingress {
+    from_port = 80
+    to_port   = 80
+    protocol  = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"
+    ]
+  }
+  ingress {
+    from_port = 443
+    to_port   = 443
+    protocol  = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"
+    ]
+  }
+}

src/github/github_actions_secret.tf

@@ -1,11 +1,41 @@
-resource "github_actions_secret" "email_service_codecov_token" {
-  repository      = github_repository.email_service.name
-  secret_name     = "CODECOV_TOKEN"
-  plaintext_value = var.EMAIL_SERVICE_CODECOV_TOKEN
-}
-
 resource "github_actions_secret" "api_gateway_codecov_token" {
   repository      = github_repository.api_gateway.name
   secret_name     = "CODECOV_TOKEN"
   plaintext_value = var.API_GATEWAY_CODECOV_TOKEN
 }
+
+resource "github_actions_secret" "gambley_backend_deepsource_dsn" {
+  repository      = github_repository.gambley_backend.name
+  secret_name     = "DEEPSOURCE_DSN"
+  plaintext_value = var.GAMBLEY_BACKEND_DEEPSOURCE_DSN
+}
+
+resource "github_actions_secret" "gambley_backend_mail_username" {
+  repository      = github_repository.gambley_backend.name
+  secret_name     = "MAIL_USERNAME"
+  plaintext_value = var.GAMBLEY_BACKEND_MAIL_USERNAME
+}
+
+resource "github_actions_secret" "gambley_backend_mail_password" {
+  repository      = github_repository.gambley_backend.name
+  secret_name     = "MAIL_PASSWORD"
+  plaintext_value = var.GAMBLEY_BACKEND_MAIL_PASSWORD
+}
+
+resource "github_actions_secret" "gambley_backend_supress_send" {
+  repository      = github_repository.gambley_backend.name
+  secret_name     = "SUPPRESS_SEND"
+  plaintext_value = var.GAMBLEY_BACKEND_SUPPRESS_SEND
+}
+
+resource "github_actions_secret" "gambley_backend_ssh_user" {
+  repository      = github_repository.gambley_backend.name
+  secret_name     = "SSH_USER"
+  plaintext_value = var.GAMBLEY_BACKEND_SSH_USER
+}
+
+resource "github_actions_secret" "gambley_backend_ssh_host" {
+  repository      = github_repository.gambley_backend.name
+  secret_name     = "SSH_HOST"
+  plaintext_value = var.GAMBLEY_BACKEND_SSH_HOST
+}