From 48554bb50facaa7b2a6e4c6c4a32b1b990504b7a Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sat, 23 Nov 2019 16:04:25 +0200 Subject: [PATCH 01/13] Deploy AWS ECS task --- .github/workflows/aws.yml | 62 +++++++++++++++++++++++++++++++++++++++ aws_deploy/task-def.json | 28 ++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 .github/workflows/aws.yml create mode 100644 aws_deploy/task-def.json diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml new file mode 100644 index 0000000..e404fa8 --- /dev/null +++ b/.github/workflows/aws.yml 
@@ -0,0 +1,62 @@ +# Inspired from +# https://aws.amazon.com/blogs/opensource/github-actions-aws-fargate/ +# https://www.theserverside.com/video/How-to-deploy-Docker-Hub-hosted-microservices-in-AWS-ECS + +on: + push: + branches: + - devel_issue#161 + +name: Deploy to Amazon ECS + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v1 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-central-1 + + # - name: Login to Amazon ECR + # id: login-ecr + # uses: aws-actions/amazon-ecr-login@v1 + + # - name: Build, tag, and push image to Amazon ECR + # id: build-image + # env: + # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + # ECR_REPOSITORY: my-ecr-repo + # IMAGE_TAG: ${{ github.sha }} + # run: | + # # Build a docker container and + # # push it to ECR so that it can + # # be deployed to ECS. + # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + # echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" + + # - name: Fill in the new image ID in the Amazon ECS task definition + # id: task-def + # uses: aws-actions/amazon-ecs-render-task-definition@v1 + # with: + # task-definition: aws_deploy/task-def.json + # container-name: catpol + # image: ovidiub13/catpol + # image: ${{ steps.build-image.outputs.image }} + + - name: Deploy Amazon ECS task definition + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + # task-definition: ${{ steps.task-def.outputs.task-definition }} + task-definition: aws_deploy/task-def.json + service: CatPol-service + cluster: CatPol + wait-for-service-stability: true diff --git a/aws_deploy/task-def.json b/aws_deploy/task-def.json new file mode 100644 index 0000000..d8535c2 --- /dev/null 
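Review bot: Every action in the new `steps` is referenced by a floating major tag (`actions/checkout@v1`, `aws-actions/configure-aws-credentials@v1`, `aws-actions/amazon-ecs-deploy-task-definition@v1`), so the code that receives the AWS keys can change under this workflow without any commit here. Pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<commit-sha> # v1`, and review bumps as dependency updates. The long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair should belong to an IAM user that can only register task definitions and update `CatPol-service`, since every step in this job inherits it.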
+++ b/aws_deploy/task-def.json @@ -0,0 +1,28 @@ +{ + "family": "CatPol-test-task", + "containerDefinitions": [ + { + "name": "catpol", + "image": "ovidiub13/catpol", + "portMappings": [ + { + "hostPort": 8000, + "protocol": "tcp", + "containerPort": 8000 + }, + { + "hostPort": 80, + "containerPort": 80, + "protocol": "tcp" + } + ], + "essential": true + } + ], + "requiresCompatibilities": [ + "FARGATE" + ], + "cpu": "256", + "memory": "512", + "networkMode": "awsvpc" +} From acb2a0b96e0784219ee71215f343b9d401ccf6d3 Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sat, 23 Nov 2019 21:27:04 +0200 Subject: [PATCH 02/13] Build Docker image and then deploy to Staging --- .github/workflows/aws.yml | 48 +++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index e404fa8..fc16605 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml @@ -4,20 +4,40 @@ on: push: - branches: - - devel_issue#161 -name: Deploy to Amazon ECS +name: Build Docker image and deploy to Amazon ECS jobs: - deploy: - name: Deploy + build: + name: Build runs-on: ubuntu-latest + env: + DOCKER_HUB_USERNAME: ovidiub13 + RUN_ENVIRONMENT: dev steps: - name: Checkout uses: actions/checkout@v1 + - name: Build the Docker image + id: build-image + run: | + DOCKER_TAG=${GITHUB_REF##*/} + DOCKER_TAG=${DOCKER_TAG/\#/-} + docker build \ + --build-arg ENVIRONMENT=$RUN_ENVIRONMENT \ + -t $DOCKER_HUB_USERNAME/catpol:$DOCKER_TAG-$GITHUB_SHA \ + . + echo "::set-output name=image::$DOCKER_HUB_USERNAME/catpol:$DOCKER_TAG-$GITHUB_SHA" + + - name: Upload Docker image + run: | + echo ${{secrets.DOCKER_HUB_PASSWORD}} | \ + docker login \ + -u $DOCKER_HUB_USERNAME \ + --password-stdin + docker push ${{ steps.build-image.outputs.image }} + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: 
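Review bot: The `catpol` container definition has no `logConfiguration`, so the task writes nothing to CloudWatch and there is no log trail to investigate a failed or misbehaving deployment. Add an `awslogs` log driver block (log group, region `eu-central-1`, stream prefix) together with the `executionRoleArn` that Fargate needs to ship logs. The image `ovidiub13/catpol` carries no tag, which resolves to the mutable `latest`; the workflow's render step is meant to overwrite it, but the committed file should still pin a known tag so a direct `register-task-definition` from this file is reproducible.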
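Review bot: In the `Upload Docker image` step the Docker Hub password is expanded straight into the shell script text by `echo ${{secrets.DOCKER_HUB_PASSWORD}} | \`, which embeds the secret in the generated script and, being unquoted, word-splits any value containing spaces. Pass it through the step environment instead: `env:` / `DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}` and then `echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin`. Removing the `branches:` filter also means this login-and-push now runs for every pushed branch; if that is intended, `DOCKER_TAG` should sanitize more than the `#` character, since branch names may contain characters that are not valid in an image tag.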
@@ -43,20 +63,18 @@ jobs: # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG # echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" - # - name: Fill in the new image ID in the Amazon ECS task definition - # id: task-def - # uses: aws-actions/amazon-ecs-render-task-definition@v1 - # with: - # task-definition: aws_deploy/task-def.json - # container-name: catpol - # image: ovidiub13/catpol - # image: ${{ steps.build-image.outputs.image }} + - name: Fill in the new image ID in the Amazon ECS task definition + id: task-def + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: aws_deploy/task-def.json + container-name: catpol + image: ${{ steps.build-image.outputs.image }} - name: Deploy Amazon ECS task definition uses: aws-actions/amazon-ecs-deploy-task-definition@v1 with: - # task-definition: ${{ steps.task-def.outputs.task-definition }} - task-definition: aws_deploy/task-def.json + task-definition: ${{ steps.task-def.outputs.task-definition }} service: CatPol-service cluster: CatPol wait-for-service-stability: true From 9dfdc8a9d00b032f8d6b7c1f979b801d965fc8c7 Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sat, 23 Nov 2019 22:32:53 +0200 Subject: [PATCH 03/13] Add info on how to create the Cluster and service --- .github/workflows/aws.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index fc16605..d2ad95a 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml 
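Review bot: The `Deploy Amazon ECS task definition` step now updates `CatPol-service` with whatever image the same run built, and because the first hunk dropped the `branches:` filter this happens for every push on every branch. Gate the deploy on the intended branch, e.g. `if: github.ref == 'refs/heads/master'` on the step (or the job), or restore a `branches:` list under `on.push`, so a feature-branch push cannot replace the running service. `wait-for-service-stability: true` is good: a failed rollout fails the run instead of silently leaving a half-deployed service.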
@@ -2,6 +2,14 @@
 # https://aws.amazon.com/blogs/opensource/github-actions-aws-fargate/
 # https://www.theserverside.com/video/How-to-deploy-Docker-Hub-hosted-microservices-in-AWS-ECS
+# Cluster and service must be created before hand:
+
+# aws ecs create-cluster --cluster-name Code4Romania
+# aws ecs register-task-definition --region eu-central-1 --cli-input-json file://`pwd`/aws_deploy/task-def.json
+# aws ecs create-service --service-name CatPol-service --task-definition CatPol-test-task:1
+# --desired-count 1 --launch-type "FARGATE"
+# --network-configuration "awsvpcConfiguration={subnets=[subnet-1234abcd],securityGroups=[sg-1234abcd]}"
+
 on:
 push:
From 1989874c10615e3a68fbe5edaa27ed2490f99cbd Mon Sep 17 00:00:00 2001
From: Ovidiu-Florin BOGDAN
Date: Sat, 23 Nov 2019 22:33:22 +0200
Subject: [PATCH 04/13] remove unused block
---
.github/workflows/aws.yml | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
index d2ad95a..c83e55d 100644
--- a/.github/workflows/aws.yml
+++ b/.github/workflows/aws.yml
@@ -53,24 +53,6 @@ jobs:
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: eu-central-1
- # - name: Login to Amazon ECR
- # id: login-ecr
- # uses: aws-actions/amazon-ecr-login@v1
-
- # - name: Build, tag, and push image to Amazon ECR
- # id: build-image
- # env:
- # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- # ECR_REPOSITORY: my-ecr-repo
- # IMAGE_TAG: ${{ github.sha }}
- # run: |
- # # Build a docker container and
- # # push it to ECR so that it can
- # # be deployed to ECS.
- # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
- # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- # echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
-
 - name: Fill in the new image ID in the Amazon ECS task definition
 id: task-def
 uses: aws-actions/amazon-ecs-render-task-definition@v1
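Review bot: The setup notes added at the top create the cluster as `Code4Romania` (`aws ecs create-cluster --cluster-name Code4Romania`) while the deploy step in this file targets `cluster: CatPol`, and the `create-service` example passes no `--cluster`, so it would create the service in the account's default cluster rather than the one just created. Align the three names and add `--cluster CatPol` to the `create-service` line. The `subnet-1234abcd`/`sg-1234abcd` values read as placeholders; say so in the comment so nobody copies them literally.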
From b6de6e9414436a5b743b8662b02f13c2a2933844 Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sat, 23 Nov 2019 22:34:30 +0200 Subject: [PATCH 05/13] Split deploy in separate job --- .github/workflows/aws.yml | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index c83e55d..baf59b9 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml @@ -15,13 +15,14 @@ on: name: Build Docker image and deploy to Amazon ECS +env: + DOCKER_HUB_USERNAME: ovidiub13 + RUN_ENVIRONMENT: dev + jobs: build: name: Build runs-on: ubuntu-latest - env: - DOCKER_HUB_USERNAME: ovidiub13 - RUN_ENVIRONMENT: dev steps: - name: Checkout @@ -46,6 +47,15 @@ jobs: --password-stdin docker push ${{ steps.build-image.outputs.image }} + deploy: + name: Deploy + runs-on: ubuntu-latest + needs: Build + + steps: + - name: Checkout + uses: actions/checkout@v1 + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: @@ -53,13 +63,20 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: eu-central-1 + - name: Output Docker image name + id: image-name + run: | + DOCKER_TAG=${GITHUB_REF##*/} + DOCKER_TAG=${DOCKER_TAG/\#/-} + echo "::set-output name=image::$DOCKER_HUB_USERNAME/catpol:$DOCKER_TAG-$GITHUB_SHA" + - name: Fill in the new image ID in the Amazon ECS task definition id: task-def uses: aws-actions/amazon-ecs-render-task-definition@v1 with: task-definition: aws_deploy/task-def.json container-name: catpol - image: ${{ steps.build-image.outputs.image }} + image: ${{ steps.image-name.outputs.image }} - name: Deploy Amazon ECS task definition uses: aws-actions/amazon-ecs-deploy-task-definition@v1 From c1f9f4f83577b0715497a9a6a7b6fc1843b9df0b Mon Sep 17 00:00:00 2001 
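Review bot: In the second hunk the new `deploy` job declares `needs: Build`, but `needs` must name a job id and the build job's id is `build` (its `name: Build` is only a display label), so the workflow is rejected at load time; change it to `needs: build`. The third hunk's `Output Docker image name` step re-derives the image name by repeating the `DOCKER_TAG` logic from the build job; if the two copies drift, the deploy references an image that was never pushed, so consider publishing the computed name from the build job (e.g. as a small artifact) rather than recomputing it. Moving `DOCKER_HUB_USERNAME` and `RUN_ENVIRONMENT` to workflow-level `env:` in the first hunk is fine for these non-secret values.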
From: Ovidiu-Florin BOGDAN
Date: Sat, 23 Nov 2019 23:19:37 +0200
Subject: [PATCH 06/13] Tag image as latest if branch is master
---
.github/workflows/aws.yml | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
index baf59b9..5ae44c0 100644
--- a/.github/workflows/aws.yml
+++ b/.github/workflows/aws.yml
@@ -47,8 +47,15 @@ jobs:
 --password-stdin
 docker push ${{ steps.build-image.outputs.image }}
+ - name: Tag Latest
+ if: github.ref == 'refs/heads/master'
+ run: |
+ docker tag ${{ steps.build-image.outputs.image }} $DOCKER_HUB_USERNAME/catpol:latest
+ docker push $DOCKER_HUB_USERNAME/catpol:latest
+
 deploy:
 name: Deploy
+ if: github.ref == 'refs/heads/master'
 runs-on: ubuntu-latest
 needs: Build
@@ -66,9 +73,7 @@ jobs:
 - name: Output Docker image name
 id: image-name
 run: |
- DOCKER_TAG=${GITHUB_REF##*/}
- DOCKER_TAG=${DOCKER_TAG/\#/-}
- echo "::set-output name=image::$DOCKER_HUB_USERNAME/catpol:$DOCKER_TAG-$GITHUB_SHA"
+ echo "::set-output name=image::$DOCKER_HUB_USERNAME/catpol:latest"
 - name: Fill in the new image ID in the Amazon ECS task definition
 id: task-def
From abf7e99a3df1abf66bb8ab8d1069ffa2fbce8ba0 Mon Sep 17 00:00:00 2001
From: Ovidiu-Florin BOGDAN
Date: Sat, 23 Nov 2019 23:41:38 +0200
Subject: [PATCH 07/13] Move task-def to workflows dir
---
.github/workflows/aws.yml | 5 +++--
{aws_deploy => .github/workflows/aws_deploy}/task-def.json | 0
2 files changed, 3 insertions(+), 2 deletions(-)
rename {aws_deploy => .github/workflows/aws_deploy}/task-def.json (100%)
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
index 5ae44c0..aa7cb07 100644
--- a/.github/workflows/aws.yml
+++ b/.github/workflows/aws.yml
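Review bot: The second hunk makes the deploy job resolve the image as `$DOCKER_HUB_USERNAME/catpol:latest` instead of the immutable `$DOCKER_TAG-$GITHUB_SHA` tag it used before, so the registered task-definition revision no longer records which build it runs, and with two master runs in flight the deploy of one can pull the `latest` the other just pushed. Keep deploying the SHA-suffixed tag (the `Tag Latest` step in the first hunk can still publish `latest` for humans) so each ECS revision is traceable to a commit and a rollback is just re-registering an older revision. The `if: github.ref == 'refs/heads/master'` gate on the `deploy` job is a good addition.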
@@ -5,7 +5,8 @@ # Cluster and service must be created before hand: # aws ecs create-cluster --cluster-name Code4Romania -# aws ecs register-task-definition --region eu-central-1 --cli-input-json file://`pwd`/aws_deploy/task-def.json +# aws ecs register-task-definition --region eu-central-1 +# --cli-input-json file://`pwd`/.github/workflows/aws_deploy/task-def.json # aws ecs create-service --service-name CatPol-service --task-definition CatPol-test-task:1 # --desired-count 1 --launch-type "FARGATE" # --network-configuration "awsvpcConfiguration={subnets=[subnet-1234abcd],securityGroups=[sg-1234abcd]}" @@ -79,7 +80,7 @@ jobs: id: task-def uses: aws-actions/amazon-ecs-render-task-definition@v1 with: - task-definition: aws_deploy/task-def.json + task-definition: .github/workflows/aws_deploy/task-def.json container-name: catpol image: ${{ steps.image-name.outputs.image }} diff --git a/aws_deploy/task-def.json b/.github/workflows/aws_deploy/task-def.json similarity index 100% rename from aws_deploy/task-def.json rename to .github/workflows/aws_deploy/task-def.json From 41c2aadd63d5dd8355efcfd1f1a62cdb561ac468 Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sat, 14 Dec 2019 15:10:44 +0200 Subject: [PATCH 08/13] Use Code4Ro naming for Docker images --- .github/workflows/aws.yml | 184 ++++++++++++------ .../aws_deploy/terraform/variables.tf | 10 + foo.sh | 11 ++ 3 files changed, 146 insertions(+), 59 deletions(-) create mode 100644 .github/workflows/aws_deploy/terraform/variables.tf create mode 100755 foo.sh diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index aa7cb07..fa5a37e 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml 
@@ -11,83 +11,149 @@ # --desired-count 1 --launch-type "FARGATE" # --network-configuration "awsvpcConfiguration={subnets=[subnet-1234abcd],securityGroups=[sg-1234abcd]}" -on: - push: +on: [push, pull_request] name: Build Docker image and deploy to Amazon ECS env: - DOCKER_HUB_USERNAME: ovidiub13 RUN_ENVIRONMENT: dev jobs: - build: - name: Build + test: + name: Test GHA security runs-on: ubuntu-latest - steps: - name: Checkout uses: actions/checkout@v1 - - - name: Build the Docker image - id: build-image - run: | - DOCKER_TAG=${GITHUB_REF##*/} - DOCKER_TAG=${DOCKER_TAG/\#/-} - docker build \ - --build-arg ENVIRONMENT=$RUN_ENVIRONMENT \ - -t $DOCKER_HUB_USERNAME/catpol:$DOCKER_TAG-$GITHUB_SHA \ - . - echo "::set-output name=image::$DOCKER_HUB_USERNAME/catpol:$DOCKER_TAG-$GITHUB_SHA" - - - name: Upload Docker image + - name: Script run: | - echo ${{secrets.DOCKER_HUB_PASSWORD}} | \ - docker login \ - -u $DOCKER_HUB_USERNAME \ - --password-stdin - docker push ${{ steps.build-image.outputs.image }} - - - name: Tag Latest - if: github.ref == 'refs/heads/master' - run: | - docker tag ${{ steps.build-image.outputs.image }} $DOCKER_HUB_USERNAME/catpol:latest - docker push $DOCKER_HUB_USERNAME/catpol:latest - - deploy: - name: Deploy - if: github.ref == 'refs/heads/master' + ./foo.sh ${{ secrets.DOCKER_HUB_ORGANIZATION }} + cat foo.txt + + # build: + # name: Build + # runs-on: ubuntu-latest + + # steps: + # - name: Checkout + # uses: actions/checkout@v1 + + # - name: Build the Docker image + # id: build-image + # run: | + # DOCKER_TAG=${GITHUB_REF##*/} + # DOCKER_TAG=${DOCKER_TAG/\#/-} + # DOCKER_IMAGE_TAG="$DOCKER_TAG-$GITHUB_SHA" + + # docker build . 
\ + # --build-arg ENVIRONMENT=$RUN_ENVIRONMENT \ + # --tag ${{ secrets.DOCKER_HUB_ORGANIZATION }}/${{ secrets.DOCKER_HUB_REPO }}:$DOCKER_IMAGE_TAG \ + + # echo "::set-output name=image::${{ secrets.DOCKER_HUB_ORGANIZATION }}/${{ secrets.DOCKER_HUB_REPO }}" + # echo "::set-output name=tag::$DOCKER_IMAGE_TAG" + + # - name: Upload Docker image + # if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' + # run: | + # echo ${{ secrets.DOCKER_HUB_PASSWORD }} | \ + # docker login \ + # -u ${{ secrets.DOCKER_HUB_USERNAME }} \ + # --password-stdin + # docker push ${{ steps.build-image.outputs.image }}:${{ steps.build-image.outputs.tag}} + + # - name: Tag Staging + # if: github.ref == 'refs/heads/develop' + # run: | + # docker tag \ + # ${{ steps.build-image.outputs.image }}:${{ steps.build-image.outputs.tag}} \ + # ${{ steps.build-image.outputs.image }}:staging + # docker push ${{ steps.build-image.outputs.image }}:staging + + # - name: Tag Latest + # if: github.ref == 'refs/heads/master' + # run: | + # docker tag \ + # ${{ steps.build-image.outputs.image }}:${{ steps.build-image.outputs.tag}} \ + # ${{ steps.build-image.outputs.image }}:latest + # docker push ${{ steps.build-image.outputs.image }}:latest + + infra: + name: Prepare Infrastructure + # if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' runs-on: ubuntu-latest - needs: Build + # needs: build steps: - name: Checkout uses: actions/checkout@v1 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + - name: 'Terraform Format' + uses: hashicorp/terraform-github-actions@master with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-central-1 - - - name: Output Docker image name - id: image-name - run: | - echo "::set-output name=image::$DOCKER_HUB_USERNAME/catpol:latest" - - - name: Fill in the new image ID in the Amazon ECS task definition - id: task-def - 
uses: aws-actions/amazon-ecs-render-task-definition@v1 + tf_actions_version: 0.12.13 + tf_actions_subcommand: 'fmt' + tf_actions_working_dir: '.github/workflows/aws_deploy/terraform' + tf_actions_comment: 'false' + - name: 'Terraform Init' + uses: hashicorp/terraform-github-actions@master with: - task-definition: .github/workflows/aws_deploy/task-def.json - container-name: catpol - image: ${{ steps.image-name.outputs.image }} - - - name: Deploy Amazon ECS task definition - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + tf_actions_version: 0.12.13 + tf_actions_subcommand: 'init' + tf_actions_working_dir: '.github/workflows/aws_deploy/terraform' + tf_actions_comment: 'false' + - name: 'Terraform Validate' + uses: hashicorp/terraform-github-actions@master + with: + tf_actions_version: 0.12.13 + tf_actions_subcommand: 'validate' + tf_actions_working_dir: '.github/workflows/aws_deploy/terraform' + tf_actions_comment: 'false' + - name: 'Terraform Plan' + uses: hashicorp/terraform-github-actions@master + with: + tf_actions_version: 0.12.13 + tf_actions_subcommand: 'plan' + tf_actions_working_dir: '.github/workflows/aws_deploy/terraform' + tf_actions_comment: 'false' + args: "--var secret=${{ secrets.DOCKER_HUB_ORGANIZATION }}" + - name: 'Terraform Apply' + uses: hashicorp/terraform-github-actions@master with: - task-definition: ${{ steps.task-def.outputs.task-definition }} - service: CatPol-service - cluster: CatPol - wait-for-service-stability: true + tf_actions_version: 0.12.13 + tf_actions_subcommand: 'apply' + tf_actions_working_dir: '.github/workflows/aws_deploy/terraform' + tf_actions_comment: 'false' + args: "--var secret=${{ secrets.DOCKER_HUB_ORGANIZATION }}" + + # deploy: + # name: Deploy + # if: github.ref == 'refs/heads/master' + # runs-on: ubuntu-latest + # needs: infra + + # steps: + # - name: Checkout + # uses: actions/checkout@v1 + + # - name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@v1 + # with: + # 
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # aws-region: eu-central-1 + + # - name: Fill in the new image ID in the Amazon ECS task definition + # id: task-def + # uses: aws-actions/amazon-ecs-render-task-definition@v1 + # with: + # task-definition: .github/workflows/aws_deploy/task-def.json + # container-name: catpol + # image: ${{ secrets.DOCKER_HUB_ORGANIZATION }}/${{ secrets.DOCKER_HUB_REPO }} + + # - name: Deploy Amazon ECS task definition + # uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + # with: + # task-definition: ${{ steps.task-def.outputs.task-definition }} + # service: CatPol-service + # cluster: CatPol + # wait-for-service-stability: true diff --git a/.github/workflows/aws_deploy/terraform/variables.tf b/.github/workflows/aws_deploy/terraform/variables.tf new file mode 100644 index 0000000..ec2edf7 --- /dev/null +++ b/.github/workflows/aws_deploy/terraform/variables.tf @@ -0,0 +1,10 @@ +variable "environment" { + default = "staging" +} + +variable "secret" {} + + +output "secret" { + value = "${var.secret}" +} diff --git a/foo.sh b/foo.sh new file mode 100755 index 0000000..2ea1127 --- /dev/null +++ b/foo.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +SOME_VAR="foo-$1" +echo $SOME_VAR + +echo $SOME_VAR > foo.txt + +foo="$1" +for (( i=0; i<${#foo}; i++ )); do + echo "${foo:$i:1}" +done From 7e4d6a76c80cb261b9384acba7c00f8862f6829f Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sat, 29 Feb 2020 11:14:54 +0200 Subject: [PATCH 09/13] fix markdown syntax --- .github/CONTRIBUTING.MD | 20 ++++++++++---------- .github/WORKFLOW.md | 24 +++++++++++++++--------- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/.github/CONTRIBUTING.MD b/.github/CONTRIBUTING.MD index 57f0d05..1c9abe4 100644 --- a/.github/CONTRIBUTING.MD +++ b/.github/CONTRIBUTING.MD 
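Review bot: The new `test` job ("Test GHA security") hands `${{ secrets.DOCKER_HUB_ORGANIZATION }}` to `./foo.sh`, which echoes it, writes it to `foo.txt`, and then prints it split into single characters — a form the platform's secret masking no longer redacts — after which the job `cat`s the file; with `on: [push, pull_request]` this runs on every push and same-repository pull request. Whatever the experiment was for, it should not be merged: drop the `test` job and `foo.sh`, and rotate `DOCKER_HUB_ORGANIZATION` if it is actually sensitive. The `infra` job's `Terraform Apply` step runs on every trigger because its `if:` and `needs: build` guards are commented out, so any pushed branch or PR can change the AWS account; gate `apply` on master and keep `plan` as the PR check. All five steps use `hashicorp/terraform-github-actions@master`, a moving branch that executes with the workflow's secrets; pin it to a release tag or commit SHA. The same secret is also passed as `--var secret=…` to plan and apply and is re-emitted by `output "secret"` in the new `variables.tf`.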
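Review bot: `output "secret" { value = "${var.secret}" }` prints the value of `secret` in the `plan`/`apply` output of the workflow that passes it in via `--var secret=`, and records it in the state file, so the value lands in the job log and in state. Drop the output, or at minimum mark it `sensitive = true`, and treat the state file as containing credentials. The `"${var.secret}"` interpolation is 0.11 style; with the 0.12 action in use, `value = var.secret` is the idiomatic form.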
@@ -4,7 +4,7 @@ This project is built by amazing volunteers, just like you, from different timezones, backgrounds and skills levels. So to make sure we're all on the same page, it would be great if we all followed a few guidelines. :two_hearts: -[Feedback](#feedback) | [How Can I Contribute?](#how-can-i-contribute) | [Best practices](#best-practices) | [About Code4Ro](#about-code4ro) | [Financial contributions](#financial-contributions) | [Code of conduct](#code-of-conduct) +[Feedback](#feedback) | [How Can I Contribute?](#how-can-i-contribute) | [Best practices](#best-practices) | [About Code4Ro](#about-code4ro) | [Financial contributions](#financial-contributions) | [Code of conduct](#code-of-conduct) ## Feedback @@ -12,9 +12,9 @@ Just have a quick question? Please e-mail us at at contact@code4.ro ## How can I contribute -### Report bugs +### Report bugs -:bug: Think you found a bug? Please check [the list of open issues](https://github.com/code4romania/catpol-declaratii/issues) to see if your bug has already been reported. If it hasn't please [submit a new issue](https://github.com/code4romania/catpol-declaratii/issues/new). +:bug: Think you found a bug? Please check [the list of open issues](https://github.com/code4romania/catpol-declaratii/issues) to see if your bug has already been reported. If it hasn't please [submit a new issue](https://github.com/code4romania/catpol-declaratii/issues/new). :shield: If you find a **security vulnerability**, do not open an issue. Please email contact@code4.ro instead. 
@@ -26,29 +26,29 @@ Please be as specific as possible when describing the issue. Explain the problem * Actual behavior * Reproduces how often +### Suggest new features -### Suggest new features - -:bulb: Feature requests are welcome. We would love to hear your thoughts on how we can improve our project further. +:bulb: Feature requests are welcome. We would love to hear your thoughts on how we can improve our project further. To send us a suggestion, just [open an issue](https://github.com/code4romania/catpol-declaratii/issues/new) which describes the feature you would like to see. Give as much information as you can about what you would like to see: * Description -* Step by step behaviour +* Step by step behaviour * Explain why this enhancement would be useful -### Contribute to the codebase +### Contribute to the codebase :computer: We'd love for you to get your hands dirty and code for the project. -If you are unsure where to begin contributing to the project, you can start by looking through these issues: +If you are unsure where to begin contributing to the project, you can start by looking through these issues: + * [Good first issues](https://github.com/code4romania/catpol-declaratii/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) Please make sure to check out the suggested coding [best practices](#best-practices) and tips with working with git below :wink: ## Best practices -### Coding best practices :ok_hand: +### Coding best practices 👌 * **The language we code in is English.** Please name your variables, methods, classes and other structures using English words. * Use clean code conventions :heavy_check_mark: *tip: read [The book](https://www.goodreads.com/book/show/3735293-clean-code) if you haven't already. Or check out [a summary](https://gist.github.com/wojteklu/73c6914cc446146b8b533c0988cf8d29)* diff --git a/.github/WORKFLOW.md b/.github/WORKFLOW.md index e97493f..c72346c 100755 --- a/.github/WORKFLOW.md +++ b/.github/WORKFLOW.md 
@@ -1,3 +1,5 @@ +# Workflow + Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on. In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project. @@ -48,6 +50,7 @@ Now, your local master branch is up-to-date with everything modified upstream. ## Doing Your Work ### Create a Branch + Whenever you begin work on a new feature or bugfix, it's important that you create a new branch. Not only is it proper git workflow, but it also keeps your changes organized and separated from the master branch so that you can easily submit and manage multiple pull requests for every task you complete. To create a new branch and start working on it: @@ -88,7 +91,7 @@ Now, it may be desirable to squash some of your smaller commits down into a smal ```shell # Rebase all commits on your development branch -git checkout +git checkout git rebase -i master ``` 
@@ -103,9 +106,10 @@ Once you've committed and pushed all of your changes to GitHub, go to the page f Take note that unlike the previous sections which were written from the perspective of someone that created a fork and generated a pull request, this section is written from the perspective of the original repository owner who is handling an incoming pull request. Thus, where the "forker" was referring to the original repository as `upstream`, we're now looking at it as the owner of that original repository and the standard `origin` remote. ### Checking Out and Testing Pull Requests + Open up the `.git/config` file and add a new line under `[remote "origin"]`: -``` +```config fetch = +refs/pull/*/head:refs/pull/origin/* ``` @@ -122,9 +126,11 @@ git checkout -b 999 pull/origin/999 Keep in mind that these branches will be read only and you won't be able to push any changes. ### Automatically Merging a Pull Request + In cases where the merge would be a simple fast-forward, you can automatically do the merge by just clicking the button on the pull request page on GitHub. ### Manually Merging a Pull Request + To do the merge manually, you'll need to checkout the target branch in the source repo, pull directly from the fork, and then merge and push. ```shell 
@@ -147,18 +153,18 @@ Now that you're done with the development branch, you're free to delete it. git branch -d newfeature ``` +## Copyright +Copyright 2017, Chase Pettit -**Copyright** +MIT License, -Copyright 2017, Chase Pettit +## Additional Reading -MIT License, http://www.opensource.org/licenses/mit-license.php - -**Additional Reading** * [Atlassian - Merging vs. Rebasing](https://www.atlassian.com/git/tutorials/merging-vs-rebasing) -**Sources** +## Sources + * [GitHub - Fork a Repo](https://help.github.com/articles/fork-a-repo) * [GitHub - Syncing a Fork](https://help.github.com/articles/syncing-a-fork) -* [GitHub - Checking Out a Pull Request](https://help.github.com/articles/checking-out-pull-requests-locally) \ No newline at end of file +* [GitHub - Checking Out a Pull Request](https://help.github.com/articles/checking-out-pull-requests-locally) From 894d909bb8b58f14a7f35e89ffc90238b5c3e654 Mon Sep 17 00:00:00 2001 From: Ovidiu-Florin BOGDAN Date: Sun, 1 Mar 2020 01:22:27 +0200 Subject: [PATCH 10/13] use Terraform 0.12.21 in workflow --- .github/workflows/aws.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index fa5a37e..776cf77 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml 
@@ -90,28 +90,28 @@ jobs:
 - name: 'Terraform Format'
 uses: hashicorp/terraform-github-actions@master
 with:
- tf_actions_version: 0.12.13
+ tf_actions_version: 0.12.21
 tf_actions_subcommand: 'fmt'
 tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
 tf_actions_comment: 'false'
 - name: 'Terraform Init'
 uses: hashicorp/terraform-github-actions@master
 with:
- tf_actions_version: 0.12.13
+ tf_actions_version: 0.12.21
 tf_actions_subcommand: 'init'
 tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
 tf_actions_comment: 'false'
 - name: 'Terraform Validate'
 uses: hashicorp/terraform-github-actions@master
 with:
- tf_actions_version: 0.12.13
+ tf_actions_version: 0.12.21
 tf_actions_subcommand: 'validate'
 tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
 tf_actions_comment: 'false'
 - name: 'Terraform Plan'
 uses: hashicorp/terraform-github-actions@master
 with:
- tf_actions_version: 0.12.13
+ tf_actions_version: 0.12.21
 tf_actions_subcommand: 'plan'
 tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
 tf_actions_comment: 'false'
@@ -119,7 +119,7 @@ jobs:
 - name: 'Terraform Apply'
 uses: hashicorp/terraform-github-actions@master
 with:
- tf_actions_version: 0.12.13
+ tf_actions_version: 0.12.21
 tf_actions_subcommand: 'apply'
 tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
 tf_actions_comment: 'false'
From 544b3cdbd111db6a01b9adebea82f3236b1038b5 Mon Sep 17 00:00:00 2001
From: Ovidiu-Florin BOGDAN Date: Sun, 1 Mar 2020 01:23:58 +0200 Subject: [PATCH 11/13] Add initial terraform for deploy --- .github/workflows/aws_deploy/database.tf | 28 ++++ .../workflows/aws_deploy/load-balancing.tf | 27 ++++ .github/workflows/aws_deploy/main.tf | 7 + .github/workflows/aws_deploy/networking.tf | 143 ++++++++++++++++++ .github/workflows/aws_deploy/secrets.tf | 28 ++++ .github/workflows/aws_deploy/service.tf | 48 ++++++ .github/workflows/aws_deploy/task-def.json | 28 ---- .../aws_deploy/task-def_template.json | 23 +++ .../aws_deploy/terraform/variables.tf | 10 -- .github/workflows/aws_deploy/variables.tf | 9 ++ .gitignore | 5 +- 11 files changed, 317 insertions(+), 39 deletions(-) create mode 100644 .github/workflows/aws_deploy/database.tf create mode 100644 .github/workflows/aws_deploy/load-balancing.tf create mode 100644 .github/workflows/aws_deploy/main.tf create mode 100644 .github/workflows/aws_deploy/networking.tf create mode 100644 .github/workflows/aws_deploy/secrets.tf create mode 100644 .github/workflows/aws_deploy/service.tf delete mode 100644 .github/workflows/aws_deploy/task-def.json create mode 100644 .github/workflows/aws_deploy/task-def_template.json delete mode 100644 .github/workflows/aws_deploy/terraform/variables.tf create mode 100644 .github/workflows/aws_deploy/variables.tf diff --git a/.github/workflows/aws_deploy/database.tf b/.github/workflows/aws_deploy/database.tf new file mode 100644 index 0000000..0039c27 --- /dev/null +++ b/.github/workflows/aws_deploy/database.tf 
@@ -0,0 +1,28 @@
+resource "aws_db_instance" "main" {
+ name = local.prefix
+ engine = "postgres"
+ engine_version = "11.6"
+ instance_class = "db.t2.micro"
+
+ allocated_storage = 10
+ apply_immediately = true
+ backup_retention_period = 5
+ db_subnet_group_name = aws_db_subnet_group.main
+ multi_az = true
+ skip_final_snapshot = true
+
+ username = aws_ssm_parameter.db_username.value
+ password = aws_ssm_parameter.db_password.value
+
+ tags = {
+ Name = local.prefix
+ }
+}
+
+resource "aws_db_subnet_group" "main" {
+ name = local.prefix
+ subnet_ids = ["${aws_subnet.private-db.*.id}"]
+ tags = {
+ Name = local.prefix
+ }
+}
diff --git a/.github/workflows/aws_deploy/load-balancing.tf b/.github/workflows/aws_deploy/load-balancing.tf
new file mode 100644
index 0000000..8e8715d
--- /dev/null
+++ b/.github/workflows/aws_deploy/load-balancing.tf
@@ -0,0 +1,27 @@
+resource "aws_alb" "main" {
+ load_balancer_type = "application"
+ name = local.prefix
+ subnets = [aws_subnet.public]
+ tags = {
+ Name = local.prefix
+ }
+}
+
+resource "aws_alb_listener" "main" {
+ load_balancer_arn = aws_alb.main
+ port = 80
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_alb_target_group.main.id
+ }
+}
+
+resource "aws_alb_target_group" "main" {
+ name = local.prefix
+ vpc_id = aws_vpc.app.id
+
+ tags = {
+ Name = local.prefix
+ }
+}
diff --git a/.github/workflows/aws_deploy/main.tf b/.github/workflows/aws_deploy/main.tf
new file mode 100644
index 0000000..8355de3
--- /dev/null
+++ b/.github/workflows/aws_deploy/main.tf
@@ -0,0 +1,7 @@
+provider "aws" {
+ region = "eu-central-1"
+}
+
+locals {
+ prefix = "catpol"
+}
diff --git a/.github/workflows/aws_deploy/networking.tf b/.github/workflows/aws_deploy/networking.tf
new file mode 100644
index 0000000..6073c57
--- /dev/null
+++ b/.github/workflows/aws_deploy/networking.tf
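Review bot: `aws_db_instance.main` sets no `storage_encrypted = true`, so the Postgres volume and its automated backups are created unencrypted, and no `vpc_security_group_ids`, so the instance falls back to the VPC's default security group rather than one that admits only the app subnets. Add both, and fix `db_subnet_group_name = aws_db_subnet_group.main`, which references the whole resource where the string attribute `aws_db_subnet_group.main.name` is needed. `subnet_ids = ["${aws_subnet.private-db.*.id}"]` wraps a list in a list (0.11 style); for 0.12 write `subnet_ids = aws_subnet.private-db.*.id`.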
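Review bot: The only listener is plain HTTP (`port = 80`, no `protocol` or `certificate_arn`), and `aws_alb.main` has no `security_groups`, so the load balancer comes up with the VPC default security group and serves the app unencrypted. Add an HTTPS listener with a certificate, redirect 80 to 443, and attach a security group that admits only 80/443. Several references also resolve to whole resources rather than attributes — `subnets = [aws_subnet.public]` should be `aws_subnet.public.*.id` and `load_balancer_arn = aws_alb.main` should be `aws_alb.main.arn` — and `aws_alb_target_group.main` has no `port`, `protocol` or `target_type = "ip"`, which a Fargate `awsvpc` service requires.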
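Review bot: `main.tf` declares the provider but no `terraform { backend … }` block, and this directory is run by the workflow on a fresh `ubuntu-latest` runner, so unless a backend is configured in a file outside this patch the state is written to the runner's disk and lost when the job ends; the next `apply` then tries to create everything again, and while the job runs the state (which would hold the RDS password from `database.tf`) sits unprotected on the runner. Configure a remote backend (an encrypted S3 bucket with a DynamoDB lock table) before this is applied from CI, and add a `required_version` constraint matching the 0.12.x the workflow pins.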
@@ -0,0 +1,143 @@
+locals {
+ subnet_count_app = 1
+ subnet_count_public = 2
+ subnet_count_db = 2
+}
+
+data "aws_availability_zones" "available" {
+ state = "available"
+}
+
+resource "aws_vpc" "app" {
+ cidr_block = "10.0.0.0/28"
+
+ tags = {
+ Name = local.prefix
+ }
+}
+
+#################################################
+# Subnets
+#################################################
+
+resource "aws_subnet" "public" {
+ count = local.subnet_count_public
+ vpc_id = aws_vpc.app.id
+ cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 3, count.index)
+ availability_zone = data.aws_availability_zones.available.names[count.index]
+
+ tags = {
+ Name = "${local.prefix}-public"
+ }
+}
+
+resource "aws_subnet" "private-app" {
+ count = local.subnet_count_app
+ vpc_id = aws_vpc.app.id
+ cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 3, local.subnet_count_public + count.index)
+ availability_zone = data.aws_availability_zones.available.names[count.index]
+
+ tags = {
+ Name = "${local.prefix}-private-app"
+ }
+}
+
+resource "aws_subnet" "private-db" {
+ count = local.subnet_count_db
+ vpc_id = aws_vpc.app.id
+ cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 3, local.subnet_count_public + local.subnet_count_app + count.index)
+ availability_zone = data.aws_availability_zones.available.names[count.index]
+
+ tags = {
+ Name = "${local.prefix}-private-db"
+ }
+}
+
+#################################################
+# Gateways
+#################################################
+
+resource "aws_internet_gateway" "public" {
+ vpc_id = aws_vpc.app.id
+
+ tags = {
+ Name = "${local.prefix}-public"
+ }
+}
+
+resource "aws_eip" "private" {
+ vpc = aws_vpc.app.id
+
+ tags = {
+ Name = "${local.prefix}-private-app"
+ }
+}
+
+resource "aws_nat_gateway" "private" {
+ allocation_id = aws_eip.private.id
+ subnet_id = element(aws_subnet.public.*.id, 0)
+
+ tags = {
+ Name = "${local.prefix}-private-app"
+ }
+}
+
+#################################################
+# Route tables
+#################################################
+
+resource "aws_route_table" "public" {
+ vpc_id = aws_vpc.app.id
+
+ tags = {
+ Name = "${local.prefix}-public"
+ }
+}
+
+resource "aws_route_table" "private-app" {
+ vpc_id = aws_vpc.app.id
+
+ tags = {
+ Name = "${local.prefix}-private-app"
+ }
+}
+
+resource "aws_route_table" "private-db" {
+ vpc_id = aws_vpc.app.id
+
+ tags = {
+ Name = "${local.prefix}-private-db"
+ }
+}
+
+#################################################
+# Routes
+#################################################
+
+resource "aws_route_table_association" "public-gw" {
+ route_table_id = aws_route_table.public.id
+ gateway_id = aws_internet_gateway.public.id
+}
+
+resource "aws_route_table_association" "private-gw" {
+ route_table_id = aws_route_table.private-app.id
+ gateway_id = aws_nat_gateway.private.id
+}
+
+resource "aws_route_table_association" "public" {
+ count = local.subnet_count_public
+ route_table_id = aws_route_table.private-app.id
+ subnet_id = element(aws_subnet.public.*.id, count.index)
+}
+
+resource "aws_route_table_association" "private-app" {
+ count = local.subnet_count_app
+ route_table_id = aws_route_table.private-app.id
+ subnet_id = element(aws_subnet.private-app.*.id, count.index)
+}
+
+resource "aws_route_table_association" "private-db" {
+ count = local.subnet_count_db
+ route_table_id = aws_route_table.private-db.id
+ subnet_id = element(aws_subnet.private-db.*.id, count.index)
+}
diff --git a/.github/workflows/aws_deploy/secrets.tf b/.github/workflows/aws_deploy/secrets.tf
new file mode 100644
index 0000000..ba93c67
--- /dev/null
+++ b/.github/workflows/aws_deploy/secrets.tf
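Review bot: The two `aws_route_table_association` resources named `public-gw` and `private-gw` at the end of the networking.tf hunk read as an attempt to give the public and private-app route tables a default route, but an association only binds a subnet (or an internet/virtual-private gateway edge) to a table and never creates a route, and a NAT gateway is not an accepted `gateway_id` there at all. As written every table carries only the VPC-local route, so no subnet has internet egress, which means the one property that matters for defence — private-db having no internet path — is holding by accident rather than by design. In addition, `aws_route_table_association.public` binds the public subnets to `aws_route_table.private-app` instead of `aws_route_table.public`. The networking.tf hunks in patch 12 change the CIDRs and the EIP but leave this block untouched. A corrected routes section, which deliberately adds no default route to the private-db table, is sketched below.

```hcl
resource "aws_route" "public-default" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.public.id
}

resource "aws_route" "private-app-default" {
  route_table_id         = aws_route_table.private-app.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.private.id
}

resource "aws_route_table_association" "public" {
  count          = local.subnet_count_public
  route_table_id = aws_route_table.public.id
  subnet_id      = element(aws_subnet.public.*.id, count.index)
}

# … unchanged: private-app and private-db subnet associations …
```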
@@ -0,0 +1,28 @@
+resource "aws_ssm_parameter" "db_username" {
+ name = "/${local.prefix}/db_username"
+ value = var.db_username
+ type = "SecureString"
+ key_id = aws_kms_key.main.id
+
+ tags = {
+ Name = local.prefix
+ }
+}
+
+resource "aws_ssm_parameter" "db_password" {
+ name = "/${local.prefix}/db_password"
+ value = var.db_password
+ type = "SecureString"
+ key_id = aws_kms_key.main.id
+
+ tags = {
+ Name = local.prefix
+ }
+}
+
+resource "aws_kms_key" "main" {
+ description = "Key for ${local.prefix} for secret variables"
+ tags = {
+ Name = local.prefix
+ }
+}
diff --git a/.github/workflows/aws_deploy/service.tf b/.github/workflows/aws_deploy/service.tf
new file mode 100644
index 0000000..dd6b1c8
--- /dev/null
+++ b/.github/workflows/aws_deploy/service.tf
@@ -0,0 +1,48 @@
+locals {
+ container_name = "catpol"
+ container_port = 8000
+}
+
+resource "aws_ecs_cluster" "app" {
+ name = local.prefix
+
+ tags = {
+ Name = local.prefix
+ }
+}
+
+resource "aws_ecs_service" "app" {
+ name = local.prefix
+ cluster = aws_ecs_cluster.app.id
+ task_definition = aws_ecs_task_definition.app.id
+ desired_count = 1
+ launch_type = "FARGATE"
+ # iam_role =
+ # depends_on = []
+
+ load_balancer {
+ target_group_arn = aws_alb_target_group.main.id
+ container_name = local.container_name
+ container_port = local.container_port
+ }
+}
+
+resource "aws_ecs_task_definition" "app" {
+ family = local.prefix
+ container_definitions = data.template_file.task-def.rendered
+ requires_compatibilities = ["FARGATE"]
+ cpu = 1
+ memory = 1024
+}
+
+data "template_file" "task-def" {
+ template = file("task-def_template.json")
+ vars = {
+ container_name = local.container_name
+ container_port = local.container_port
+ container_image = var.docker_image
+
+ db_username = aws_ssm_parameter.db_username.value
+ db_password = aws_ssm_parameter.db_password.value
+ }
+}
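Review bot: `aws_kms_key.main` in the secrets.tf hunk is created without `enable_key_rotation = true`, so the CMK protecting both SecureString parameters never rotates; add that argument to the resource. Note also the `value = var.db_username` / `var.db_password` arguments: SecureString protects the value at rest in Parameter Store, but Terraform still writes both plaintext values into its state, so this layer only adds protection if the state backend is itself encrypted and access-controlled and if `ssm:GetParameter` on the `/catpol/` prefix is restricted to the role that actually needs it.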
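Review bot: In the `data "template_file" "task-def"` block at the end of the service.tf hunk, `db_username = aws_ssm_parameter.db_username.value` and `db_password = aws_ssm_parameter.db_password.value` feed the decrypted secrets into the rendered container definition, where task-def_template.json (created in this patch, revised in patch 12) puts them in `valueFrom`; ECS expects the parameter's ARN there and resolves it at launch, so the plaintext password ends up stored in the registered task definition, readable by anyone with `ecs:DescribeTaskDefinition`, while the lookup itself fails. Change the two lines to `db_username = aws_ssm_parameter.db_username.arn` and `db_password = aws_ssm_parameter.db_password.arn`, and give `aws_ecs_task_definition.app` an `execution_role_arn` whose role is allowed `ssm:GetParameters` and `kms:Decrypt` on those two parameters and the key, since Fargate cannot fetch secrets without one. The task definition also lacks `network_mode = "awsvpc"` and the service lacks a `network_configuration { subnets, security_groups }` block, both required for `launch_type = "FARGATE"`, and `cpu = 1` is below the Fargate minimum (the deleted task-def.json used `"256"`/`"512"`). `file("task-def_template.json")` resolves relative to the working directory; `file("${path.module}/task-def_template.json")` makes it independent of where terraform is invoked.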
diff --git a/.github/workflows/aws_deploy/task-def.json b/.github/workflows/aws_deploy/task-def.json
deleted file mode 100644
index d8535c2..0000000
--- a/.github/workflows/aws_deploy/task-def.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "family": "CatPol-test-task",
- "containerDefinitions": [
- {
- "name": "catpol",
- "image": "ovidiub13/catpol",
- "portMappings": [
- {
- "hostPort": 8000,
- "protocol": "tcp",
- "containerPort": 8000
- },
- {
- "hostPort": 80,
- "containerPort": 80,
- "protocol": "tcp"
- }
- ],
- "essential": true
- }
- ],
- "requiresCompatibilities": [
- "FARGATE"
- ],
- "cpu": "256",
- "memory": "512",
- "networkMode": "awsvpc"
-}
diff --git a/.github/workflows/aws_deploy/task-def_template.json b/.github/workflows/aws_deploy/task-def_template.json
new file mode 100644
index 0000000..af94448
--- /dev/null
+++ b/.github/workflows/aws_deploy/task-def_template.json
@@ -0,0 +1,23 @@
+[
+ {
+ "Name": "${container_name}",
+ "Image": "${container_image}",
+ "PortMappings": [
+ {
+ "Protocol": "tcp",
+ "ContainerPort": "${container_port}"
+ }
+ ],
+ "Essential": true,
+ "Secrets": [
+ {
+ "Name": "db_username",
+ "ValueFrom": "${db_username}"
+ },
+ {
+ "Name": "db_password",
+ "ValueFrom": "${db_password}"
+ }
+ ]
+ }
+]
diff --git a/.github/workflows/aws_deploy/terraform/variables.tf b/.github/workflows/aws_deploy/terraform/variables.tf
deleted file mode 100644
index ec2edf7..0000000
--- a/.github/workflows/aws_deploy/terraform/variables.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-variable "environment" {
- default = "staging"
-}
-
-variable "secret" {}
-
-
-output "secret" {
- value = "${var.secret}"
-}
diff --git a/.github/workflows/aws_deploy/variables.tf b/.github/workflows/aws_deploy/variables.tf
new file mode 100644
index 0000000..2ac3c83
--- /dev/null
+++ b/.github/workflows/aws_deploy/variables.tf
@@ -0,0 +1,9 @@
+variable "environment" {
+ default = "staging"
+}
+
+variable "docker_image" {}
+
+variable "db_username" {}
+
+variable "db_password" {}
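Review bot: The container definition in the task-def_template.json hunk has no `logConfiguration`, so the container's stdout/stderr is never shipped anywhere and there is nothing to alert on or to reconstruct from after an incident. Add a `logConfiguration` with `"logDriver": "awslogs"` and the `awslogs-group`, `awslogs-region` and `awslogs-stream-prefix` options; the log group and the execution role's `logs:CreateLogStream`/`logs:PutLogEvents` permission then belong on the Terraform side. The quoted `"ContainerPort"` value and the PascalCase key names are already corrected in patch 12, so the logging gap is what remains.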
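Review bot: The three new variables in the variables.tf hunk carry no `type` or `description`, so a caller can pass a list or map as `docker_image` and only discover it at apply time; `variable "docker_image" { type = string }` (and the same for the two credentials) moves that failure to plan time. `environment` is declared but referenced nowhere in this patch, and patch 12 removes it again.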
diff --git a/.gitignore b/.gitignore
index 5898f22..6d4ffcd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,4 +34,7 @@ wheels/
 *.egg
 MANIFEST
-.DS_STORE
\ No newline at end of file
+.DS_STORE
+
+# Terraform
+.terraform
From 7c11ea885e00a854780b19f2cdf5f79cdf46ebb7 Mon Sep 17 00:00:00 2001
From: Ovidiu-Florin BOGDAN
Date: Sun, 1 Mar 2020 18:13:10 +0200
Subject: [PATCH 12/13] Fix subnetting, add some output and start security
---
 .github/workflows/aws_deploy/database.tf | 5 ++-
 .../workflows/aws_deploy/load-balancing.tf | 8 +++-
 .github/workflows/aws_deploy/networking.tf | 30 +++++++++++---
 .github/workflows/aws_deploy/security.tf | 39 +++++++++++++++++++
 .../aws_deploy/task-def_template.json | 22 +++++------
 .github/workflows/aws_deploy/variables.tf | 4 --
 .gitignore | 2 +
 7 files changed, 86 insertions(+), 24 deletions(-)
 create mode 100644 .github/workflows/aws_deploy/security.tf
diff --git a/.github/workflows/aws_deploy/database.tf b/.github/workflows/aws_deploy/database.tf
index 0039c27..0bbf59f 100644
--- a/.github/workflows/aws_deploy/database.tf
+++ b/.github/workflows/aws_deploy/database.tf
@@ -7,9 +7,10 @@ resource "aws_db_instance" "main" {
 allocated_storage = 10
 apply_immediately = true
 backup_retention_period = 5
- db_subnet_group_name = aws_db_subnet_group.main
+ db_subnet_group_name = aws_db_subnet_group.main.name
 multi_az = true
 skip_final_snapshot = true
+ vpc_security_group_ids = [aws_security_group.intra.id]
 
 username = aws_ssm_parameter.db_username.value
 password = aws_ssm_parameter.db_password.value
@@ -21,7 +22,7 @@ resource "aws_db_instance" "main" {
 
 resource "aws_db_subnet_group" "main" {
 name = local.prefix
- subnet_ids = ["${aws_subnet.private-db.*.id}"]
+ subnet_ids = aws_subnet.private-db.*.id
 tags = {
 Name = local.prefix
 }
diff --git a/.github/workflows/aws_deploy/load-balancing.tf b/.github/workflows/aws_deploy/load-balancing.tf
index 8e8715d..eb73626 100644
--- a/.github/workflows/aws_deploy/load-balancing.tf
+++ b/.github/workflows/aws_deploy/load-balancing.tf
@@ -1,14 +1,18 @@
 resource "aws_alb" "main" {
 load_balancer_type = "application"
 name = local.prefix
- subnets = [aws_subnet.public]
+ subnets = aws_subnet.public.*.id
 tags = {
 Name = local.prefix
 }
 }
 
+output "Load-Balancer DNS" {
+ value = aws_alb.main.dns_name
+}
+
 resource "aws_alb_listener" "main" {
- load_balancer_arn = aws_alb.main
+ load_balancer_arn = aws_alb.main.arn
 port = 80
 
 default_action {
diff --git a/.github/workflows/aws_deploy/networking.tf b/.github/workflows/aws_deploy/networking.tf
index 6073c57..362bdaa 100644
--- a/.github/workflows/aws_deploy/networking.tf
+++ b/.github/workflows/aws_deploy/networking.tf
@@ -9,13 +9,17 @@ data "aws_availability_zones" "available" {
 }
 
 resource "aws_vpc" "app" {
- cidr_block = "10.0.0.0/28"
+ cidr_block = "10.0.0.0/16"
 
 tags = {
 Name = local.prefix
 }
 }
 
+output "VPC CIDR" {
+ value = aws_vpc.app.cidr_block
+}
+
 #################################################
 # Subnets
 #################################################
@@ -23,7 +27,7 @@ resource "aws_vpc" "app" {
 resource "aws_subnet" "public" {
 count = local.subnet_count_public
 vpc_id = aws_vpc.app.id
- cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 3, count.index)
+ cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 8, count.index)
 availability_zone = data.aws_availability_zones.available.names[count.index]
 
 tags = {
@@ -31,10 +35,14 @@ resource "aws_subnet" "public" {
 }
 }
 
+output "Subnet Public CIDR" {
+ value = aws_subnet.public.*.cidr_block
+}
+
 resource "aws_subnet" "private-app" {
 count = local.subnet_count_app
 vpc_id = aws_vpc.app.id
- cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 3, local.subnet_count_public + count.index)
+ cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 8, local.subnet_count_public + count.index)
 availability_zone = data.aws_availability_zones.available.names[count.index]
 
 tags = {
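Review bot: `aws_alb.main` in the load-balancing.tf hunk still has no `security_groups` argument, so the load balancer falls back to the VPC default security group rather than the `aws_security_group.public` that this same commit creates in security.tf; add `security_groups = [aws_security_group.public.id]` next to `subnets` so the port-80 ingress rule actually applies to the only internet-facing component. The new `output "Load-Balancer DNS"` uses a name containing a space; Terraform 0.12 (the version pinned in the workflow) validates output names as identifiers, so this and the four similarly named outputs in the networking.tf hunks will most likely be rejected at validation — `output "load_balancer_dns"` avoids that.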
@@ -42,10 +50,14 @@ resource "aws_subnet" "private-app" {
 }
 }
 
+output "Subnet Private App CIDR" {
+ value = aws_subnet.private-app.*.cidr_block
+}
+
 resource "aws_subnet" "private-db" {
 count = local.subnet_count_db
 vpc_id = aws_vpc.app.id
- cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 3, local.subnet_count_public + local.subnet_count_app + count.index)
+ cidr_block = cidrsubnet(aws_vpc.app.cidr_block, 8, local.subnet_count_public + local.subnet_count_app + count.index)
 availability_zone = data.aws_availability_zones.available.names[count.index]
 
 tags = {
@@ -53,6 +65,10 @@ resource "aws_subnet" "private-db" {
 }
 }
 
+output "Subnet Private DB CIDR" {
+ value = aws_subnet.private-db.*.cidr_block
+}
+
 #################################################
 # Gateways
 #################################################
@@ -66,13 +82,17 @@ resource "aws_internet_gateway" "public" {
 }
 
 resource "aws_eip" "private" {
- vpc = aws_vpc.app.id
+ vpc = true
 
 tags = {
 Name = "${local.prefix}-private-app"
 }
 }
 
+output "NAT Egress Elastic IP" {
+ value = aws_eip.private.private_ip
+}
+
 resource "aws_nat_gateway" "private" {
 allocation_id = aws_eip.private.id
 subnet_id = element(aws_subnet.public.*.id, 0)
diff --git a/.github/workflows/aws_deploy/security.tf b/.github/workflows/aws_deploy/security.tf
new file mode 100644
index 0000000..97581d4
--- /dev/null
+++ b/.github/workflows/aws_deploy/security.tf
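Review bot: `output "NAT Egress Elastic IP"` in the last networking.tf hunk reads `aws_eip.private.private_ip`, but the address the outside world sees for NAT egress — the one a downstream allow-list would need — is the public one; change it to `value = aws_eip.private.public_ip`. The output's name contains spaces, which Terraform 0.12's identifier check is likely to reject, so `output "nat_egress_ip"` would be safer.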
@@ -0,0 +1,39 @@
+resource "aws_security_group" "public" {
+ name = "${local.prefix}-public"
+ description = "Public access"
+ vpc_id = aws_vpc.app.id
+ tags = {
+ Name = "${local.prefix}-public"
+ }
+}
+
+resource "aws_security_group" "intra" {
+ name = "${local.prefix}-intra"
+ description = "Intra-service access. Used for App-DB communication."
+ vpc_id = aws_vpc.app.id
+ tags = {
+ Name = "${local.prefix}-intra"
+ }
+}
+
+resource "aws_security_group_rule" "public" {
+ description = "Give public access on HTTP"
+ security_group_id = aws_security_group.public
+
+ cidr_blocks = "0.0.0.0/0"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "intra" {
+ description = "Allow intra-service communication"
+ security_group_id = aws_security_group.intra
+
+ from_port = -1
+ to_port = -1
+ protocol = "all"
+ type = "ingress"
+ self = true
+}
diff --git a/.github/workflows/aws_deploy/task-def_template.json b/.github/workflows/aws_deploy/task-def_template.json
index af94448..884886c 100644
--- a/.github/workflows/aws_deploy/task-def_template.json
+++ b/.github/workflows/aws_deploy/task-def_template.json
@@ -1,22 +1,22 @@
 [
 {
- "Name": "${container_name}",
- "Image": "${container_image}",
- "PortMappings": [
+ "name": "${container_name}",
+ "image": "${container_image}",
+ "portMappings": [
 {
- "Protocol": "tcp",
- "ContainerPort": "${container_port}"
+ "protocol": "tcp",
+ "containerPort": ${container_port}
 }
 ],
- "Essential": true,
- "Secrets": [
+ "essential": true,
+ "secrets": [
 {
- "Name": "db_username",
- "ValueFrom": "${db_username}"
+ "name": "db_username",
+ "valueFrom": "${db_username}"
 },
 {
- "Name": "db_password",
- "ValueFrom": "${db_password}"
+ "name": "db_password",
+ "valueFrom": "${db_password}"
 }
 ]
 }
diff --git a/.github/workflows/aws_deploy/variables.tf b/.github/workflows/aws_deploy/variables.tf
index 2ac3c83..5c7d5f9 100644
--- a/.github/workflows/aws_deploy/variables.tf
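Review bot: `aws_security_group_rule.intra` in the security.tf hunk opens every port and protocol (`from_port = -1`, `to_port = -1`, `protocol = "all"`, `self = true`) between members of the group, while the only consumer — the RDS instance, via the patch 12 database.tf hunk — needs TCP 5432; narrow it to `from_port = 5432`, `to_port = 5432`, `protocol = "tcp"` so a compromised task in the group cannot reach other members on arbitrary ports. Both rules also reference the group object rather than its id (`security_group_id = aws_security_group.public` and `...intra` should end in `.id`), and `cidr_blocks = "0.0.0.0/0"` is a string where the provider expects a list, `cidr_blocks = ["0.0.0.0/0"]`. Neither group is attached to the ALB or to the ECS service anywhere in this commit, so the public rule currently governs nothing and the database is the sole member of a group whose rule only admits other members. Terraform also strips the default allow-all egress from an `aws_security_group` it creates, so each group needs an explicit egress rule for whatever it must reach (the ALB to the tasks, the tasks to the database).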
+++ b/.github/workflows/aws_deploy/variables.tf
@@ -1,7 +1,3 @@
-variable "environment" {
- default = "staging"
-}
-
 variable "docker_image" {}
 
 variable "db_username" {}
diff --git a/.gitignore b/.gitignore
index 6d4ffcd..1f27df4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,5 @@ MANIFEST
 # Terraform
 .terraform
+*terraform.tfstate*
+*.tfvars
From 6558f2afcc8527285a8d1808e7ac5a7d0bec512a Mon Sep 17 00:00:00 2001
From: Ovidiu-Florin BOGDAN
Date: Sun, 1 Mar 2020 18:13:56 +0200
Subject: [PATCH 13/13] temporarily disable TF apply in GHA
---
 .github/workflows/aws.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
index 776cf77..378db16 100644
--- a/.github/workflows/aws.yml
+++ b/.github/workflows/aws.yml
@@ -116,14 +116,14 @@ jobs:
 tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
 tf_actions_comment: 'false'
 args: "--var secret=${{ secrets.DOCKER_HUB_ORGANIZATION }}"
- - name: 'Terraform Apply'
- uses: hashicorp/terraform-github-actions@master
- with:
- tf_actions_version: 0.12.21
- tf_actions_subcommand: 'apply'
- tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
- tf_actions_comment: 'false'
- args: "--var secret=${{ secrets.DOCKER_HUB_ORGANIZATION }}"
+ # - name: 'Terraform Apply'
+ # uses: hashicorp/terraform-github-actions@master
+ # with:
+ # tf_actions_version: 0.12.21
+ # tf_actions_subcommand: 'apply'
+ # tf_actions_working_dir: '.github/workflows/aws_deploy/terraform'
+ # tf_actions_comment: 'false'
+ # args: "--var secret=${{ secrets.DOCKER_HUB_ORGANIZATION }}"
 # deploy:
 # name: Deploy