merge with remote

thunderbird · May 6, 2024 · cc26e98 · cc26e98
2 parents 6254669 + de8b9f2
commit cc26e98
Show file tree

Hide file tree

Showing 23 changed files with 1,020 additions and 0 deletions.
diff --git a/.github/workflows/apply-iac.yaml b/.github/workflows/apply-iac.yaml
@@ -0,0 +1,86 @@
+name: apply-iac
+
+on: 
+  workflow_call:
+    inputs:
+      tf_version:
+        required: true
+        type: string
+      tg_version:
+        required: true
+        type: string
+      aws_region:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  apply-iac:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{secrets.IAM_ROLE}}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: ${{inputs.aws_region}}
+
+      - name: install opentofu
+        uses: opentofu/setup-opentofu@v1
+        with: 
+          tofu_version: ${{inputs.tf_version}}
+          tofu_wrapper: false
+
+      - name: install terragrunt
+        run: |
+          sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${{ inputs.tg_version }}/terragrunt_linux_amd64"
+          sudo chmod +x /bin/terragrunt
+          terragrunt -v
+
+      - name: vpc
+        working-directory: ./tofu/environments/${{inputs.environment}}/network/vpc
+        run: |
+          terragrunt init -upgrade
+          terragrunt validate
+          terragrunt plan -out tfplan
+          terragrunt apply tfplan
+
+      - name: backend-infra
+        working-directory: ./tofu/environments/${{inputs.environment}}/services/backend-infra
+        run: |
+          terragrunt init -upgrade
+          terragrunt validate
+          terragrunt plan -out tfplan
+          terragrunt apply tfplan
+
+      - name: cache
+        working-directory: ./tofu/environments/${{inputs.environment}}/data-store/cache
+        run: |
+          terragrunt init -upgrade
+          terragrunt validate
+          terragrunt plan -out tfplan
+          terragrunt apply tfplan
+
+      - name: database
+        working-directory: ./tofu/environments/${{inputs.environment}}/data-store/database
+        run: |
+          terragrunt init -upgrade
+          terragrunt validate
+          terragrunt plan -out tfplan
+          terragrunt apply tfplan
+          
+      - name: frontend
+        working-directory: ./tofu/environments/${{inputs.environment}}/services/frontend
+        run: |
+          terragrunt init -upgrade
+          terragrunt validate
+          terragrunt plan -out tfplan
+          terragrunt apply tfplan
diff --git a/.github/workflows/deploy-backend.yaml b/.github/workflows/deploy-backend.yaml
@@ -0,0 +1,84 @@
+name: Deploy Backend
+
+# Stop any pending jobs
+concurrency:
+  group: backend
+  cancel-in-progress: true
+
+on:
+  workflow_call:
+    inputs:
+      tf_version:
+        required: true
+        type: string
+      tg_version:
+        required: true
+        type: string
+      aws_region:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+
+env:
+  ECR_REPOSITORY: appointment
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy-backend:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{secrets.IAM_ROLE}}
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{inputs.aws_region}}
+
+    - name: install opentofu
+      uses: opentofu/setup-opentofu@v1
+      with: 
+        tofu_version: ${{inputs.tf_version}}
+        tofu_wrapper: false
+
+    - name: install terragrunt
+      run: |
+        sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${{ inputs.tg_version }}/terragrunt_linux_amd64"
+        sudo chmod +x /bin/terragrunt
+        terragrunt -v
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+      with:
+        mask-password: 'true'
+
+    - name: Build, tag, and push backend image to Amazon ECR
+      id: build-backend
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        IMAGE_TAG: backend-${{ github.sha }}
+      run: |
+        # Build a docker container and
+        # push it to ECR so that it can
+        # be deployed to ECS.
+        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG ./backend -f ./backend/deploy.dockerfile
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        echo "image_backend=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+    - name: backend-service
+      working-directory: ./tofu/environments/${{inputs.environment}}/services/backend-service
+      run: |
+        terragrunt init -upgrade
+        terragrunt validate
+        terragrunt plan -var 'image=${{ steps.build-backend.outputs.image_backend }}' -out tfplan
+        terragrunt apply tfplan
+
diff --git a/.github/workflows/deploy-frontend.yaml b/.github/workflows/deploy-frontend.yaml
@@ -0,0 +1,54 @@
+name: Deploy Frontend
+
+# Stop any pending jobs
+concurrency:
+  group: frontend
+  cancel-in-progress: true
+
+on:
+  workflow_call:
+    inputs:
+      aws_region:
+        required: true
+        type: string
+      bucket:
+        required: true
+        type: string
+      build_environment:
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy-frontend:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup NPM
+      uses: actions/setup-node@v4
+      with:
+        node-version: '18.x'
+
+    - name: Install dependencies
+      run: cd frontend && yarn install
+
+    - name: Build project
+      run: |
+        cp frontend/.env.${{inputs.build_environment}}.example frontend/.env.${{inputs.build_environment}}
+        cd frontend && yarn build --mode ${{inputs.build_environment}}
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{secrets.IAM_ROLE}}
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{inputs.aws_region}}
+
+    - name: Deploy Frontend
+      run: aws s3 sync frontend/dist s3://${{inputs.bucket}} --delete
diff --git a/.github/workflows/primary.yaml b/.github/workflows/primary.yaml
@@ -0,0 +1,111 @@
+name: Primary Workflow
+
+concurrency:
+  group: iac
+  cancel-in-progress: true
+
+on:
+  push:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  detect-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      run-iac: ${{ steps.check.outputs.run-iac }}
+      run-backend: ${{ steps.check.outputs.run-backend }}
+      run-frontend: ${{ steps.check.outputs.run-frontend }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dorny/paths-filter@v3
+        id: check
+        with:
+          filters: |
+            run-iac:
+              - 'tofu/**'
+              - '.github/workflows/**'
+            run-backend:
+              - 'backend/**'
+              - 'tofu/modules/services/backend-service/**'
+            run-frontend:
+              - 'frontend/**'
+
+  verify-iac:
+    needs: detect-changes
+    if: github.ref != 'refs/heads/main' && needs.detect-changes.outputs.run-iac == 'true'
+    strategy:
+      max-parallel: 1
+      matrix:
+        environment: [stage, production]
+    uses: ./.github/workflows/verify-iac.yaml
+    with:
+      tf_version: 1.6.2
+      tg_version: 0.55.15
+      aws_region: us-east-1
+      environment: ${{ matrix.environment }}
+    secrets: inherit
+
+  apply-iac:
+    needs: detect-changes
+    if: github.ref == 'refs/heads/main' && needs.detect-changes.outputs.run-iac == 'true'
+    strategy:
+      max-parallel: 1
+      matrix:
+        environment: [stage]
+    uses: ./.github/workflows/apply-iac.yaml
+    with:
+      tf_version: 1.6.2
+      tg_version: 0.55.15
+      aws_region: us-east-1
+      environment: ${{ matrix.environment }}
+    secrets: inherit
+
+  ci-tests:
+    needs: detect-changes
+    if: github.ref == 'refs/heads/main' && (needs.detect-changes.outputs.run-backend == 'true' || needs.detect-changes.outputs.run-frontend == 'true')
+    uses: ./.github/workflows/ci-tests.yaml
+
+  verify-backend:
+    needs: detect-changes
+    if: github.ref != 'refs/heads/main' && needs.detect-changes.outputs.run-iac == 'true'
+    strategy:
+      max-parallel: 1
+      matrix:
+        environment: [stage, production]
+    uses: ./.github/workflows/verify-backend.yaml
+    with:
+      tf_version: 1.6.2
+      tg_version: 0.55.15
+      aws_region: us-east-1
+      environment: ${{ matrix.environment }}
+    secrets: inherit
+
+  deploy-backend:
+    needs: detect-changes
+    if: github.ref == 'refs/heads/main' && needs.detect-changes.outputs.run-backend == 'true'
+    strategy:
+      max-parallel: 1
+      matrix:
+        environment: [stage]
+    uses: ./.github/workflows/deploy-backend.yaml
+    with:
+      tf_version: 1.6.2
+      tg_version: 0.55.15
+      aws_region: us-east-1
+      environment: ${{ matrix.environment }}
+    secrets: inherit
+
+  deploy-frontend:
+    needs: detect-changes
+    if: github.ref == 'refs/heads/main' && needs.detect-changes.outputs.run-frontend == 'true'
+    uses: ./.github/workflows/deploy-frontend.yaml
+    with:
+      aws_region: us-east-1
+      bucket: tb-apmt-stage-frontend
+      build_environment: staging
+    secrets: inherit
+