Merge pull request #2 from thiagoesteves/thi/add-gcp-terraform-files

Author: thiagoesteves

.github/workflows/full-deployment.yaml

@@ -1,4 +1,4 @@
-name: Deploy a full deployment package/version to AWS
+name: Deploy a full deployment package/version to AWS/GCP
 
 on:
   workflow_call:
@@ -12,10 +12,8 @@ env:
 
 jobs:
   build:
-    name: Building a release and publishing it at AWS
+    name: Building a release and version file
     runs-on: ubuntu-20.04
-    permissions:
-      contents: write
     steps:
       - uses: actions/checkout@v4
       - name: Setup BEAM
@@ -41,13 +39,44 @@ jobs:
       - name: Generate a Release
         run: mix release
 
+      - name: 'Upload release file artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-file
+          path: _build/prod/calori-${{ inputs.tag }}.tar.gz
+          retention-days: 5
+
+      - name: 'Upload version file artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: version-file
+          path: current.json
+          retention-days: 5
+
+  upload_aws:
+    name: Upload files to AWS environment
+    needs: build
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+    steps:
+      - name: Download version file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: version-file
+
+      - name: Download release file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: release-file
+ 
       - name: Copy a release file to the s3 distribution folder
         uses: prewk/s3-cp-action@v2
         with:
           aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws_region: "sa-east-1"
-          source: "_build/prod/*.tar.gz"
+          source: "calori-${{ inputs.tag }}.tar.gz"
           dest: "s3://calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/dist/calori/calori-${{ inputs.tag }}.tar.gz"
 
       - name: Copy a version file to the s3 version folder
@@ -58,3 +87,41 @@ jobs:
           aws_region: "sa-east-1"
           source: "current.json"
           dest: "s3://calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/versions/calori/${{ secrets.CLOUD_ENV_NAME }}/current.json"
+
+  upload_gcp:
+    name: Upload files to GCP environment
+    needs: build
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Download version file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: version-file
+
+      - name: Download release file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: release-file
+
+      - id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+
+      - id: 'upload-release-file'
+        uses: 'google-github-actions/upload-cloud-storage@v2'
+        with:
+          path: 'calori-${{ inputs.tag }}.tar.gz'
+          destination: "calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/dist/calori"
+          process_gcloudignore: false
+
+      - id: 'upload-version-file'
+        uses: 'google-github-actions/upload-cloud-storage@v2'
+        with:
+          path: 'current.json'
+          destination: "calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/versions/calori/${{ secrets.CLOUD_ENV_NAME }}"
+          process_gcloudignore: false

.github/workflows/hot-upgrade.yaml

@@ -12,7 +12,7 @@ env:
 
 jobs:
   build:
-    name: Building a release and publishing it at AWS
+    name: Building a release and version file
     runs-on: ubuntu-20.04
     permissions:
       contents: write
@@ -66,6 +66,37 @@ jobs:
       - name: Generate a Release
         run: mix release
 
+      - name: 'Upload release file artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-file
+          path: _build/prod/calori-${{ inputs.tag }}.tar.gz
+          retention-days: 5
+
+      - name: 'Upload version file artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: version-file
+          path: current.json
+          retention-days: 5
+
+  upload_aws:
+    name: Upload files to AWS environment
+    needs: build
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+    steps:
+      - name: Download version file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: version-file
+
+      - name: Download release file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: release-file
+
       - name: Copy a release file to the s3 distribution folder
         uses: prewk/s3-cp-action@v2
         with:
@@ -83,3 +114,41 @@ jobs:
           aws_region: "sa-east-1"
           source: "current.json"
           dest: "s3://calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/versions/calori/${{ secrets.CLOUD_ENV_NAME }}/current.json"
+
+  upload_gcp:
+    name: Upload files to GCP environment
+    needs: build
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Download version file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: version-file
+
+      - name: Download release file artefact
+        uses: actions/download-artifact@v4
+        with:
+          name: release-file
+
+      - id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+
+      - id: 'upload-release-file'
+        uses: 'google-github-actions/upload-cloud-storage@v2'
+        with:
+          path: 'calori-${{ inputs.tag }}.tar.gz'
+          destination: "calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/dist/calori"
+          process_gcloudignore: false
+
+      - id: 'upload-version-file'
+        uses: 'google-github-actions/upload-cloud-storage@v2'
+        with:
+          path: 'current.json'
+          destination: "calori-${{ secrets.CLOUD_ENV_NAME }}-distribution/versions/calori/${{ secrets.CLOUD_ENV_NAME }}"
+          process_gcloudignore: false

devops/terraform/.gitignore renamed to devops/aws/terraform/.gitignore

@@ -0,0 +1,2 @@
+main.tf
+.terraform.lock.hcl

devops/terraform/environments/prod/.envrc renamed to devops/aws/terraform/environments/prod/.envrc

@@ -37,6 +37,10 @@ write_files:
         "replicas": ${replicas},
         "account_name": "${account_name}",
         "deployex_hostname": "${deployex_hostname}",
+        "release_adapter": "s3",
+        "release_bucket": "calori-${account_name}-distribution",
+        "secrets_adapter": "aws",
+        "secrets_path": "deployex-calori-${account_name}-secrets",
         "aws_region": "${aws_region}",
         "version": "${deployex_version}",
         "os_target": "ubuntu-20.04",

devops/aws/terraform/environments/prod/.gitignore

@@ -0,0 +1,63 @@
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+### Terragrunt ###
+# terragrunt cache directories
+**/.terragrunt-cache/*
+
+# Terragrunt debug output file (when using `--terragrunt-debug` option)
+# See: https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-debug
+terragrunt-debug.tfvars.json
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# credentials
+deployex-gcp-terraform.json

devops/terraform/environments/prod/main_example.tf_ renamed to devops/aws/terraform/environments/prod/main_example.tf_

@@ -0,0 +1,2 @@
+main.tf
+.terraform.lock.hcl

devops/terraform/modules/standard-account/cloud-config.tpl renamed to devops/aws/terraform/modules/standard-account/cloud-config.tpl

@@ -0,0 +1,17 @@
+# Rename me to main.tf and populated with the corrected values
+
+provider "google" {
+  project = <project_id> # From deployex-gcp-terraform.json (project_id)
+  region  = <region> # Example "us-central1"
+  access_token = <token> # From GCP CLI terminal "gcloud beta auth application-default print-access-token"
+}
+
+module "standard_account" {
+  source           = "../../modules/standard-account"
+  account_name     = "prod"
+  server_dns       = "deployex.pro"
+  replicas         = "3"
+  machine_type     = "e2-micro"
+  deployex_dns     = "deployex.deployex.pro"
+  deployex_version = "0.3.0-rc14"
+}