diff --git a/.docker/Dockerfile b/.docker/Dockerfile index 9b85ee7..43232b4 100644 --- a/.docker/Dockerfile +++ b/.docker/Dockerfile @@ -7,6 +7,4 @@ RUN apk --no-cache add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/co COPY --chown=infrastructure:infrastructure . . -RUN ls -lha - ENTRYPOINT [ "terraform" ] diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index e08687d..cd786b1 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -2,9 +2,12 @@ name: "Pipeline" on: pull_request: - branches: [ "main" ] + branches: + - main + - docker push: - branches: [ "main" ] + branches: + - main jobs: test: 
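Review bot: The new `- docker` entry under `pull_request.branches` widens which PRs run the `test` and `build` jobs, and those jobs read `secrets.AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` (and, in `build`, the full `TF_VAR_*` secret set) — so any PR into a `docker` branch now executes `terraform init`/`plan` with live credentials, the same way PRs into `main` already do. It reads like a temporary hook so this branch's own PR gets a pipeline run; if `docker` does not carry the same branch protection as `main`, remove the entry after merge or annotate it, e.g. `# temporary: run the pipeline on PRs into the docker branch during the image migration`. PRs from forks should receive no secrets from the runner, so there `init` fails rather than leaks, but same-repo PRs are the case to keep in mind. The Dockerfile hunk above only drops a debugging `RUN ls -lha` and needs nothing further.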
@@ -13,25 +16,41 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: hashicorp/setup-terraform@v1 + - name: "Build the image" + run: docker image build --file .docker/Dockerfile --tag infrastructure:${{ github.sha }} . + + - name: "Create the volumes" + run: | + docker volume create aws-provider + docker volume create github-provider + docker volume create heroku-provider - name: "Initializes terraform" env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_COMMIT_SHA: ${{ github.sha }} run: | - source scripts/pipeline_utils.sh - init_terraform github heroku aws + source scripts/utils.sh + init_terraform aws github heroku - name: "Run terraform to check for formatting" + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_COMMIT_SHA: ${{ github.sha }} run: | - source scripts/pipeline_utils.sh - format_terraform github heroku aws + source scripts/utils.sh + format_terraform aws github heroku - name: "Run validation to check for issues" + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_COMMIT_SHA: ${{ github.sha }} run: | - source scripts/pipeline_utils.sh - validate_terraform github heroku aws + source scripts/utils.sh + format_terraform aws github heroku build: if: ${{ github.event_name == 'pull_request' }} 
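Review bot: The last step of the `test` job, `"Run validation to check for issues"`, now ends with `format_terraform aws github heroku` instead of `validate_terraform`, so `terraform validate` never runs in CI and the format check is executed twice; change that line to `validate_terraform aws github heroku`. The `fmt -check` and `validate` steps also gained `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` in their `env`, but neither command talks to AWS — `fmt` only reads files and `validate` works from the providers `init` already placed in the volumes — so from a least-privilege standpoint those two secrets should stay on the `init` step only. `GITHUB_COMMIT_SHA: ${{ github.sha }}` duplicates the `GITHUB_SHA` variable the runner already exports to every step; `scripts/utils.sh` could read that directly and the three copies of the `env:` line could go.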
@@ -41,20 +60,29 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: hashicorp/setup-terraform@v1 + - name: "Build the image" + run: docker image build --file .docker/Dockerfile --tag infrastructure:${{ github.sha }} . + + - name: "Create the volumes" + run: | + docker volume create aws-provider + docker volume create github-provider + docker volume create heroku-provider - name: "Initializes terraform" env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_COMMIT_SHA: ${{ github.sha }} run: | - source scripts/pipeline_utils.sh - init_terraform github heroku aws + source scripts/utils.sh + init_terraform aws github heroku - name: "Generate terraform plan" env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_COMMIT_SHA: ${{ github.sha }} TF_VAR_GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} TF_VAR_DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} TF_VAR_DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} @@ -81,8 +109,8 @@ jobs: TF_VAR_GAMBLEY_CD_USER_AWS_SECRET_KEY: ${{ secrets.GAMBLEY_CD_USER_AWS_SECRET_KEY }} TF_VAR_SNYK_SECRET_KEY: ${{ secrets.SNYK_SECRET_KEY }} run: | - source scripts/pipeline_utils.sh - plan_terraform github heroku aws + source scripts/utils.sh + plan_terraform aws github heroku deploy: if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} 
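Review bot: The `build` job runs on `pull_request` and its plan step hands roughly twenty-five production secrets (database URLs, mail and API credentials, a second AWS key pair in `TF_VAR_GAMBLEY_CD_USER_AWS_*`) to a container that executes the PR branch's Terraform configuration; `terraform plan` runs provider plugins and any `external` data source defined in that configuration, so a PR author with push access to the repository can read all of them. Consider putting the job behind a GitHub `environment:` with required reviewers, or limiting what a plan-only run receives (a read-only AWS principal for plan, the write-capable keys on `deploy` only). Separately, unless every variable in `src/*` is declared `sensitive = true` (not visible here), the plan output that `2>&1` streams into the job log will print those values; please confirm. The remaining secret lines of this step's `env:` block sit between the two hunks and are unchanged.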
@@ -90,15 +118,23 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: hashicorp/setup-terraform@v1 + - name: "Build the image" + run: docker image build --file .docker/Dockerfile --tag infrastructure:${{ github.sha }} . + + - name: "Create the volumes" + run: | + docker volume create aws-provider + docker volume create github-provider + docker volume create heroku-provider - name: "Initializes terraform" env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_COMMIT_SHA: ${{ github.sha }} run: | - source scripts/pipeline_utils.sh - init_terraform github heroku aws + source scripts/utils.sh + init_terraform aws github heroku - name: "Apply terraform plan" env: @@ -131,4 +167,4 @@ jobs: TF_VAR_SNYK_SECRET_KEY: ${{ secrets.SNYK_SECRET_KEY }} run: | source scripts/pipeline_utils.sh - apply_terraform github heroku aws + apply_terraform aws github heroku diff --git a/scripts/pipeline_utils.sh b/scripts/pipeline_utils.sh deleted file mode 100644 index 3925c09..0000000 --- a/scripts/pipeline_utils.sh +++ /dev/null @@ -1,39 +0,0 @@ -init_terraform() { - for i in "$@" - do - echo "Initializing terraform for" "$i" - terraform -chdir="src/$i" init -input=false - done -} - -format_terraform() { - for i in "$@" - do - echo "Formatting terraform files for" "$i" - terraform -chdir="src/$i" fmt -check - done -} - -validate_terraform() { - for i in "$@" - do - echo "Validating terraform plan for" "$i" - terraform -chdir="src/$i" validate -json - done -} - -plan_terraform() { - for i in "$@" - do - echo "Generating terraform plan for" "$i" - terraform -chdir="src/$i" plan -input=false - done -} - -apply_terraform() { - for i in "$@" - do - echo "Applying terraform plan for" "$i" - terraform -chdir="src/$i" apply -auto-approve -input=false - done -} diff --git a/scripts/utils.sh b/scripts/utils.sh new file mode 100644 index 0000000..2110252 --- /dev/null +++ b/scripts/utils.sh 
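Review bot: The `deploy` job will fail on the next push to `main`: the `Apply terraform plan` step still runs `source scripts/pipeline_utils.sh` (the unchanged line just above `apply_terraform aws github heroku` in the `@@ -131,4 +167,4 @@` hunk), but this same commit deletes that file, so under the runner's default `bash -e` the step aborts before `apply_terraform` is defined — a safe failure, but no deploys until fixed. The apply step also does not appear to set `GITHUB_COMMIT_SHA` (its `env:` block begins at the end of the first hunk and no hunk touches it), so once the step is switched to `scripts/utils.sh` the image reference would be `infrastructure:` with an empty tag, which `docker container run` rejects. Change the two lines to `source scripts/utils.sh` / `apply_terraform aws github heroku` and either add `GITHUB_COMMIT_SHA: ${{ github.sha }}` to that step's `env` or have utils.sh fall back to the runner-provided `GITHUB_SHA`.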
@@ -0,0 +1,119 @@
+init_terraform() {
+ for dir in "$@"
+ do
+ echo "Initializing terraform for" "$dir"
+ docker container run \
+ --env AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ --env AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ --volume aws-provider:/app/src/aws/.terraform \
+ --volume github-provider:/app/src/github/.terraform \
+ --volume heroku-provider:/app/src/heroku/.terraform \
+ infrastructure:"$GITHUB_COMMIT_SHA" -chdir=src/"$dir" init -input=false 2>&1
+ done
+}
+
+format_terraform() {
+ for dir in "$@"
+ do
+ echo "Formatting terraform files for" "$dir"
+ docker container run \
+ --env AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ --env AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ --volume aws-provider:/app/src/aws/.terraform \
+ --volume github-provider:/app/src/github/.terraform \
+ --volume heroku-provider:/app/src/heroku/.terraform \
+ infrastructure:"$GITHUB_COMMIT_SHA" -chdir=src/"$dir" fmt -check 2>&1
+ done
+}
+
+validate_terraform() {
+ for dir in "$@"
+ do
+ echo "Validating terraform plan for" "$dir"
+ docker container run \
+ --env AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ --env AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ --volume aws-provider:/app/src/aws/.terraform \
+ --volume github-provider:/app/src/github/.terraform \
+ --volume heroku-provider:/app/src/heroku/.terraform \
+ infrastructure:"$GITHUB_COMMIT_SHA" -chdir=src/"$dir" validate -json 2>&1
+ done
+}
+
+plan_terraform() {
+ for dir in "$@"
+ do
+ echo "Generating terraform plan for" "$dir"
+ docker container run \
+ --env AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ --env AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ --env TF_VAR_GH_PERSONAL_ACCESS_TOKEN="$GH_PERSONAL_ACCESS_TOKEN" \
+ --env TF_VAR_DOCKERHUB_USERNAME="$DOCKERHUB_USERNAME" \
+ --env TF_VAR_DOCKERHUB_TOKEN="$DOCKERHUB_TOKEN" \
+ --env TF_VAR_HEROKU_EMAIL="$HEROKU_EMAIL" \
+ --env TF_VAR_HEROKU_API_KEY="$HEROKU_API_KEY" \
+ --env TF_VAR_EMAIL_SERVICE_CODECOV_TOKEN="$EMAIL_SERVICE_CODECOV_TOKEN" \
+ --env TF_VAR_API_GATEWAY_CODECOV_TOKEN="$API_GATEWAY_CODECOV_TOKEN" \
+ --env TF_VAR_EMAIL_SERVICE_DATABASE_URL="$EMAIL_SERVICE_DATABASE_URL" \
+ --env TF_VAR_EMAIL_SERVICE_MAIL_PASSWORD="$EMAIL_SERVICE_MAIL_PASSWORD" \
+ --env TF_VAR_EMAIL_SERVICE_MAIL_USERNAME="$EMAIL_SERVICE_MAIL_USERNAME" \
+ --env TF_VAR_EMAIL_SERVICE_REDIS_TLS_URL="$EMAIL_SERVICE_REDIS_TLS_URL" \
+ --env TF_VAR_EMAIL_SERVICE_REDIS_URL="$EMAIL_SERVICE_REDIS_URL" \
+ --env TF_VAR_PROFILE_SERVICE_DATABASE_URL="$PROFILE_SERVICE_DATABASE_URL" \
+ --env TF_VAR_PROFILE_SERVICE_REDIS_TLS_URL="$PROFILE_SERVICE_REDIS_TLS_URL" \
+ --env TF_VAR_PROFILE_SERVICE_REDIS_URL="$PROFILE_SERVICE_REDIS_URL" \
+ --env TF_VAR_WIKI_DATABASE_HOST="$WIKI_DATABASE_HOST" \
+ --env TF_VAR_WIKI_DATABASE_PORT="$WIKI_DATABASE_PORT" \
+ --env TF_VAR_WIKI_DATABASE_USER="$WIKI_DATABASE_USER" \
+ --env TF_VAR_WIKI_DATABASE_PASSWORD="$WIKI_DATABASE_PASSWORD" \
+ --env TF_VAR_WIKI_DATABASE_NAME="$WIKI_DATABASE_NAME" \
+ --env TF_VAR_DISCORD_WEBHOOK_URL="$DISCORD_WEBHOOK_URL" \
+ --env TF_VAR_TRUSTED_HOSTS="$TRUSTED_HOSTS" \
+ --env TF_VAR_GAMBLEY_CD_USER_AWS_ACCESS_KEY="$GAMBLEY_CD_USER_AWS_ACCESS_KEY" \
+ --env TF_VAR_GAMBLEY_CD_USER_AWS_SECRET_KEY="$GAMBLEY_CD_USER_AWS_SECRET_KEY" \
+ --env TF_VAR_SNYK_SECRET_KEY="$SNYK_SECRET_KEY" \
+ --volume aws-provider:/app/src/aws/.terraform \
+ --volume github-provider:/app/src/github/.terraform \
+ --volume heroku-provider:/app/src/heroku/.terraform \
+ infrastructure:"$GITHUB_COMMIT_SHA" -chdir=src/"$dir" plan -input=false 2>&1
+ done
+}
+
+apply_terraform() {
+ for dir in "$@"
+ do
+ echo "Applying terraform plan for" "$dir"
+ docker container run \
+ --env AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ --env AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ --env TF_VAR_GH_PERSONAL_ACCESS_TOKEN="$GH_PERSONAL_ACCESS_TOKEN" \
+ --env TF_VAR_DOCKERHUB_USERNAME="$DOCKERHUB_USERNAME" \
+ --env TF_VAR_DOCKERHUB_TOKEN="$DOCKERHUB_TOKEN" \
+ --env TF_VAR_HEROKU_EMAIL="$HEROKU_EMAIL" \
+ --env TF_VAR_HEROKU_API_KEY="$HEROKU_API_KEY" \
+ --env TF_VAR_EMAIL_SERVICE_CODECOV_TOKEN="$EMAIL_SERVICE_CODECOV_TOKEN" \
+ --env TF_VAR_API_GATEWAY_CODECOV_TOKEN="$API_GATEWAY_CODECOV_TOKEN" \
+ --env TF_VAR_EMAIL_SERVICE_DATABASE_URL="$EMAIL_SERVICE_DATABASE_URL" \
+ --env TF_VAR_EMAIL_SERVICE_MAIL_PASSWORD="$EMAIL_SERVICE_MAIL_PASSWORD" \
+ --env TF_VAR_EMAIL_SERVICE_MAIL_USERNAME="$EMAIL_SERVICE_MAIL_USERNAME" \
+ --env TF_VAR_EMAIL_SERVICE_REDIS_TLS_URL="$EMAIL_SERVICE_REDIS_TLS_URL" \
+ --env TF_VAR_EMAIL_SERVICE_REDIS_URL="$EMAIL_SERVICE_REDIS_URL" \
+ --env TF_VAR_PROFILE_SERVICE_DATABASE_URL="$PROFILE_SERVICE_DATABASE_URL" \
+ --env TF_VAR_PROFILE_SERVICE_REDIS_TLS_URL="$PROFILE_SERVICE_REDIS_TLS_URL" \
+ --env TF_VAR_PROFILE_SERVICE_REDIS_URL="$PROFILE_SERVICE_REDIS_URL" \
+ --env TF_VAR_WIKI_DATABASE_HOST="$WIKI_DATABASE_HOST" \
+ --env TF_VAR_WIKI_DATABASE_PORT="$WIKI_DATABASE_PORT" \
+ --env TF_VAR_WIKI_DATABASE_USER="$WIKI_DATABASE_USER" \
+ --env TF_VAR_WIKI_DATABASE_PASSWORD="$WIKI_DATABASE_PASSWORD" \
+ --env TF_VAR_WIKI_DATABASE_NAME="$WIKI_DATABASE_NAME" \
+ --env TF_VAR_DISCORD_WEBHOOK_URL="$DISCORD_WEBHOOK_URL" \
+ --env TF_VAR_TRUSTED_HOSTS="$TRUSTED_HOSTS" \
+ --env TF_VAR_GAMBLEY_CD_USER_AWS_ACCESS_KEY="$GAMBLEY_CD_USER_AWS_ACCESS_KEY" \
+ --env TF_VAR_GAMBLEY_CD_USER_AWS_SECRET_KEY="$GAMBLEY_CD_USER_AWS_SECRET_KEY" \
+ --env TF_VAR_SNYK_SECRET_KEY="$SNYK_SECRET_KEY" \
+ --volume aws-provider:/app/src/aws/.terraform \
+ --volume github-provider:/app/src/github/.terraform \
+ --volume heroku-provider:/app/src/heroku/.terraform \
+ infrastructure:"$GITHUB_COMMIT_SHA" -chdir=src/"$dir" apply -auto-approve -input=false 2>&1
+ done
+}
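Review bot: Every `TF_VAR_*` line in `plan_terraform` and `apply_terraform` reads the wrong host variable — `--env TF_VAR_GH_PERSONAL_ACCESS_TOKEN="$GH_PERSONAL_ACCESS_TOKEN"` expands the unprefixed name, but the workflow exports the value as `TF_VAR_GH_PERSONAL_ACCESS_TOKEN` (see the plan step's `env:` in pipeline.yml), so all twenty-five variables reach the container empty and the plan/apply will either fail or run with blank credentials. Expanding secrets into the `docker container run` argument list is also a leak on its own: argv is readable by every other process on the runner via `/proc`, and any `set -x` or docker error message prints it. Docker's `--env NAME` form (no `=`) copies the value from the host environment without putting it on the command line, which fixes both problems at once; the five functions differ only in the env list and the terraform sub-command, so they can share one helper, and `GITHUB_COMMIT_SHA` should be asserted non-empty before it becomes an image tag (`infrastructure:` with an empty tag is an invalid reference). The sketch below keeps the same function names, arguments, volumes, `2>&1` and terraform flags.

```shell
# Names of the TF_VAR_* secrets plan/apply need; the workflow exports them
# under exactly these names, so they are passed to docker by NAME only.
TF_VAR_NAMES=(
  TF_VAR_GH_PERSONAL_ACCESS_TOKEN
  TF_VAR_DOCKERHUB_USERNAME
  # … remaining TF_VAR_* names unchanged …
  TF_VAR_SNYK_SECRET_KEY
)

# _run_terraform DIR ENV_NAME... -- TERRAFORM_ARGS...
# `--env NAME` makes docker copy the value from the host environment, so no
# secret value ever appears in the `docker run` argv.
_run_terraform() {
  local dir="$1"; shift
  : "${GITHUB_COMMIT_SHA:?GITHUB_COMMIT_SHA must be set (image tag)}"
  local env_args=()
  while [ "$1" != "--" ]; do env_args+=(--env "$1"); shift; done
  shift
  docker container run "${env_args[@]}" \
    --volume aws-provider:/app/src/aws/.terraform \
    --volume github-provider:/app/src/github/.terraform \
    --volume heroku-provider:/app/src/heroku/.terraform \
    infrastructure:"$GITHUB_COMMIT_SHA" -chdir=src/"$dir" "$@" 2>&1
}

plan_terraform() {
  local dir
  for dir in "$@"; do
    echo "Generating terraform plan for" "$dir"
    _run_terraform "$dir" AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY "${TF_VAR_NAMES[@]}" -- plan -input=false
  done
}
# … init_terraform / format_terraform / validate_terraform: same loop, calling
#   `_run_terraform "$dir" AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY -- init -input=false` etc. …
# … apply_terraform: as plan_terraform with `-- apply -auto-approve -input=false` …
```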