Merge pull request #1 from florenciacomuzzi/feature

add env

Author: florenciacomuzzi

.github/workflows/terraform-apply.yml

@@ -0,0 +1,157 @@
+---
+name: "Terraform CICD"
+
+on:
+ push:
+   branches:
+   - main
+   - develop
+#   paths:
+#   - terraform/**
+ pull_request:
+#   branches:
+#   - main
+#   - develop
+#   paths:
+#   - terraform/**
+
+env:
+ # verbosity setting for Terraform logs
+ TF_LOG: INFO
+# # Credentials for deployment to AWS
+# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+# # S3 bucket for the Terraform state
+# BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE}}
+
+jobs:
+ terraform:
+   name: "Terraform Infrastructure Change Management"
+   runs-on: ubuntu-latest
+   permissions:
+     pull-requests: write  # Required for creating or updating PRs
+     contents: write       # Required for modifying files (if applicable)
+   defaults:
+     run:
+       shell: bash
+       # We keep Terraform files in the terraform directory.
+#       working-directory: ./terraform
+
+   steps:
+     - name: Checkout the repository to the runner
+       uses: actions/checkout@v2
+
+     - id: 'auth'
+       name: 'Authenticate to Google Cloud'
+       uses: 'google-github-actions/auth@v2'
+       with:
+         credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+
+     - name: 'Set up Cloud SDK'
+       uses: 'google-github-actions/setup-gcloud@v2'
+
+     - name: Setup Terraform with specified version on the runner
+       uses: hashicorp/setup-terraform@v2
+       with:
+         terraform_version: 1.3.0
+
+     - name: Terraform init [pull_request]
+       id: init-pr
+       if: github.event_name == 'pull_request'
+       run: |
+           if [ "${{ github.event.pull_request.base.ref }}" == "develop" ]; then
+            export ENV="dev";
+           elif [ "${{ github.event.pull_request.base.ref }}" == "main" ]; then
+            export ENV="prod";
+           else
+            echo "unsupported environment";
+           fi
+           terraform init -upgrade -backend-config=backend/$ENV.tfvars --reconfigure
+
+     - name: Terraform init [push]
+       id: init-push
+       if: github.event_name == 'push'
+       run: |
+           if [ "${{ github.ref }}" == "develop" ]; then
+            export ENV="dev";
+           elif [ "${{ github.ref }}" == "main" ]; then
+            export ENV="prod";
+           else
+            echo "unsupported environment";
+           fi
+           terraform init -upgrade -backend-config=backend/$ENV.tfvars --reconfigure
+
+     - name: Terraform format
+       id: fmt
+       run: terraform fmt -check
+
+     - name: Terraform validate
+       id: validate
+       run: terraform validate
+
+     - name: Terraform plan [pull_request]
+       id: plan-pr
+       if: github.event_name == 'pull_request'
+       run: |
+            if [ "${{ github.event.pull_request.base.ref }}" == "develop" ]; then
+             export ENV="dev";
+            elif [ "${{ github.event.pull_request.base.ref }}" == "main" ]; then
+             export ENV="prod";
+            else
+             echo "unsupported environment";
+            fi
+            terraform plan -input=false -var-file=variables/$ENV.auto.tfvars -lock=false
+       continue-on-error: true
+
+     - name: Terraform plan [push]
+       id: plan-push
+       if: github.event_name == 'push'
+       run: |
+            if [ "${{ github.ref }}" == "develop" ]; then
+             export ENV="dev";
+            elif [ "${{ github.ref }}" == "main" ]; then
+             export ENV="prod";
+            else
+             echo "unsupported environment";
+            fi
+            terraform plan -input=false -var-file=variables/$ENV.auto.tfvars -lock=false
+       continue-on-error: true
+
+     - uses: actions/github-script@v6
+       if: github.event_name == 'pull_request'
+       env:
+         PLAN: "terraform\n${{ steps.plan-pr.outputs.stdout }}"
+       with:
+         script: |
+           const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+           #### Terraform Initialization ⚙️\`${{ steps.init-pr.outcome }}\`
+           #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+           #### Terraform Plan 📖\`${{ steps.plan-pr.outcome }}\`
+ 
+           <details><summary>Show Plan</summary>
+ 
+           \`\`\`\n
+           ${process.env.PLAN}
+           \`\`\`
+ 
+           </details>
+           *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ 
+           github.rest.issues.createComment({
+             issue_number: context.issue.number,
+             owner: context.repo.owner,
+             repo: context.repo.repo,
+             body: output
+           })
+
+     - name: Terraform Plan Status [pull_request]
+       if: github.event_name == 'pull_request' && steps.plan-pr.outcome == 'failure'
+       run: exit 1
+
+     - name: Terraform Plan Status
+       if: github.event_name == 'push' && steps.plan-push.outcome == 'failure'
+       run: exit 1
+
+     - name: Terraform Apply
+       if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+       run: terraform apply -auto-approve -input=false

.github/workflows/terraform-plan.yml

@@ -39,3 +39,6 @@ terraform.rc
 
 
 secret.*
+
+# TODO remove this file
+florenciacomuzzi-1cde3fb795c6.json

.github/workflows/terraform.yml

@@ -1,15 +1,16 @@
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_linode"></a> [linode](#requirement\_linode) | 2.34.1 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | 6.24.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_linode"></a> [linode](#provider\_linode) | 2.34.1 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.24.0 |
 
 ## Modules
 
@@ -19,14 +20,17 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [linode_instance.web](https://registry.terraform.io/providers/linode/linode/2.34.1/docs/resources/instance) | resource |
+| [google_compute_network.vpc_network](https://registry.terraform.io/providers/hashicorp/google/6.24.0/docs/resources/compute_network) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_token"></a> [token](#input\_token) | Linode API Token | `string` | n/a | yes |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | GCP project id | `string` | `"florenciacomuzzi"` | no |
+| <a name="input_region"></a> [region](#input\_region) | GCP region | `string` | `"us-east1"` | no |
+| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | VPC network name | `string` | n/a | yes |
 
 ## Outputs
 
 No outputs.
+<!-- END_TF_DOCS -->

.gitignore

@@ -5,6 +5,14 @@ Deployments are triggered from GitHub Actions workflows.
 
 ## Setting up your own project
 
+### GCP
+* Login to GCP account.
+* Create a service account like `k8s-environment-terraform-cicd` to use for CICD.
+* Create a service account JSON file.
+* Add as a repository secret by going to Settings > Secrets and variables > Actions. Name it GCP_CREDENTIALS and paste in the credentials JSON.
+* Create the buckets for Terraform state like `prod-tf-state-bucket`. The bucket names are specified in the `backend/{env}.tfvars` file.
+* Go to the bucket > Permissions > Add Member > Service Account > k8s-environment-terraform-cicd@florenciacomuzzi.iam.gserviceaccount.com > Role > Storage Object Admin.
+
 ### Linode
 * Login to Linode account. 
 * Create a personal access token. This secret is the value of "token" input variable of the Terraform module.

README.md

@@ -0,0 +1,3 @@
+terraform {
+  backend "gcs" {}
+}

SETUP.md

@@ -0,0 +1,2 @@
+bucket = "florenciacomuzzi-dev-tf-state-bucket"
+prefix = "k8s/environ"

backend.tf

@@ -0,0 +1,2 @@
+bucket = "florenciacomuzzi-prod-tf-state-bucket"
+prefix = "k8s/environ"