From 6e3670ab7c18e055dc89a336ee551bd50359bdf9 Mon Sep 17 00:00:00 2001 From: rgraue Date: Mon, 25 Mar 2024 18:41:29 -0700 Subject: [PATCH 1/3] init s3 bucket --- .github/workflows/terraform-plan.yml | 52 ++++++++++++++++++++++ 404.html | 4 ++ index.html | 4 ++ terraform/main.tf | 66 ++++++++++++++++++++++++++++ terraform/provider.tf | 14 ++++++ 5 files changed, 140 insertions(+) create mode 100644 .github/workflows/terraform-plan.yml create mode 100644 404.html create mode 100644 index.html create mode 100644 terraform/main.tf create mode 100644 terraform/provider.tf diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml new file mode 100644 index 0000000..97ee927 --- /dev/null +++ b/.github/workflows/terraform-plan.yml 
@@ -0,0 +1,52 @@ +name: "tf plan" +on: + pull_request: + +env: + TF_CLOUD_ORGANIZATION: "zwell-test" + TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" + TF_WORKSPACE: "dev-test" + CONFIG_DIRECTORY: "./terraform/" + +jobs: + # Add jobs in to run checks + # linting + # unit test + + terraform: + name: "tf plan devtest" + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@v3 + + # uploads/initiates a configuration in terraform + # akin to terraform init + - name: Upload Configuration + uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0 + id: plan-upload + with: + workspace: ${{ env.TF_WORKSPACE }} + directory: ${{ env.CONFIG_DIRECTORY }} + speculative: true + + # runs changes in terrafrom/ against current state to create a tf.plan + # tarraform plan + - name: Create Plan Run + uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0 + id: plan-run + with: + workspace: ${{ env.TF_WORKSPACE }} + configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} + plan_only: true + + # Gets the plan and logs it in pipeline for debugging + - name: Get Plan Output + uses: hashicorp/tfc-workflows-github/actions/plan-output@v1.0.0 + id: plan-output + with: + plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} + \ No newline at end of file diff --git a/404.html b/404.html new file mode 100644 index 0000000..9f93c52 --- /dev/null +++ b/404.html @@ -0,0 +1,4 @@ + + +
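Review bot: `pull-requests: write` is granted to the `tf plan devtest` job, but none of its four steps comments on or edits the pull request (the plan-output step only logs to the job), so the job token carries a write scope it never uses; reduce it to `permissions: contents: read`. All four actions are pinned to mutable tags (`actions/checkout@v3`, `hashicorp/tfc-workflows-github/actions/*@v1.0.0`); pinning each to a full commit SHA with the tag in a trailing comment stops a retagged release from running with `TF_API_TOKEN` in its environment. Also worth a comment in the workflow header: a speculative plan can still execute provider and data-source code from the PR's `terraform/` directory inside the Terraform Cloud workspace, so anyone able to open a PR from a branch in this repo can run code with that workspace's credentials — with `on: pull_request` fork PRs receive no secrets, which presumably limits this to collaborators, but that assumption should be written down.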

zwell's 404

+ \ No newline at end of file diff --git a/index.html b/index.html new file mode 100644 index 0000000..d1d2a24 --- /dev/null +++ b/index.html @@ -0,0 +1,4 @@ + + +

Welcome to dev.app.zwell.com

+ \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 0000000..6b1f66e --- /dev/null +++ b/terraform/main.tf @@ -0,0 +1,66 @@ +resource "aws_s3_bucket" "zwell-static-hosting-bucket" { + bucket = "dev.app.zwellhom.com" +} + +resource "aws_s3_bucket_website_configuration" "www_bucket" { + bucket = aws_s3_bucket.zwell-static-hosting-bucket.id + + index_document { + suffix = "index.html" + } + + error_document { + key = "404.html" + } +} + +resource "aws_s3_bucket_public_access_block" "bucket_access_block" { + bucket = aws_s3_bucket.zwell-static-hosting-bucket.id + + block_public_acls = false + block_public_policy = false +} + +resource "aws_s3_bucket_policy" "bucket_policy" { + bucket = aws_s3_bucket.zwell-static-hosting-bucket.id + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Effect = "Allow" + Principal = "*" + Action = [ + "s3:GetObject" + ] + Resource = [ + "${aws_s3_bucket.zwell-static-hosting-bucket.arn}/*" + ] + Condition = { + IpAdress = { + "aws:SourceIp "= [ + "173.245.48.0/20", + "103.21.244.0/22", + "103.22.200.0/22", + "103.31.4.0/22", + "141.101.64.0/18", + "108.162.192.0/18", + "190.93.240.0/20", + "188.114.96.0/20", + "197.234.240.0/22", + "198.41.128.0/17", + "162.158.0.0/15", + "104.16.0.0/13", + "104.24.0.0/14", + "172.64.0.0/13", + "131.0.72.0/22" + ] + } + } + } + ] + }) +} + +# IP Adresses are cloudflare's proxy ips +# https://www.cloudflare.com/ips-v4/# \ No newline at end of file diff --git a/terraform/provider.tf b/terraform/provider.tf new file mode 100644 index 0000000..5bb9948 --- /dev/null +++ b/terraform/provider.tf @@ -0,0 +1,14 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } + + required_version = "~> 1.7" +} + +provider "aws" { + region = "us-west-2" +} \ No newline at end of file From aa879d51675153d5aeacb8a3ab081a6b137abf04 Mon Sep 17 00:00:00 2001 
From: rgraue Date: Mon, 25 Mar 2024 18:43:06 -0700 Subject: [PATCH 2/3] update tf workspace --- .github/workflows/terraform-plan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml index 97ee927..f419ca1 100644 --- a/.github/workflows/terraform-plan.yml +++ b/.github/workflows/terraform-plan.yml @@ -5,7 +5,7 @@ on: env: TF_CLOUD_ORGANIZATION: "zwell-test" TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" - TF_WORKSPACE: "dev-test" + TF_WORKSPACE: "static-hosting" CONFIG_DIRECTORY: "./terraform/" jobs: From 3d97af18f44eb421961ad23506a7f6612d69c920 Mon Sep 17 00:00:00 2001 From: rgraue Date: Mon, 25 Mar 2024 18:56:19 -0700 Subject: [PATCH 3/3] update deploy job --- .github/workflows/terraform-apply.yml | 80 +++++++++++++++++++++++++++ terraform/main.tf | 2 +- 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/terraform-apply.yml diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml new file mode 100644 index 0000000..0825636 --- /dev/null +++ b/.github/workflows/terraform-apply.yml 
@@ -0,0 +1,80 @@ +name: "Terraform Apply" + +on: + push: + branches: + - main + +env: + TF_CLOUD_ORGANIZATION: "zwell-test" + TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" + AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" + AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" + BUILD_VERSION: "${{ github.sha }}" + TF_WORKSPACE: "static-hosting" + CONFIG_DIRECTORY: "./terraform/" + AWS_DEFAULT_REGION: "us-west-2" + +jobs: + # builds and pushes image to ecr + terraform: + name: "Terraform Apply" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout + uses: actions/checkout@v3 + + # Gets the most current config (tf.plan) for org + workspace combo + - name: Upload Configuration + uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0 + id: apply-upload + with: + workspace: ${{ env.TF_WORKSPACE }} + directory: ${{ env.CONFIG_DIRECTORY }} + + # runs changes in terrafrom/ against current state to create a tf.plan + # tarraform plan + - name: Create Apply Run + uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0 + id: apply-run + env: + TF_VAR_image_tag: "\"${{ env.BUILD_VERSION }}\"" + with: + workspace: ${{ env.TF_WORKSPACE }} + configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }} + + # terraform apply the plan + - name: Apply + uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.0.0 + if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable + id: apply + with: + run: ${{ steps.apply-run.outputs.run_id }} + comment: "Apply Run from GitHub Actions CI ${{ github.sha }}" + + # Once uplaoding current build and not squashing, move before tf apply + # bucket needs to be there first... 
+ s3: + name: "Push to s3" + needs: terraform + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ env.AWS_DEFAULT_REGION }} + + - name: Upload assets to s3 + shell: bash + run: | + aws s3 cp ./index.html s3://dev.app.zwellhome.com/index.html + aws s3 cp ./404.html s3://dev.app.zwellhome.com/404.html + + \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf index 6b1f66e..342bc30 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,5 +1,5 @@ resource "aws_s3_bucket" "zwell-static-hosting-bucket" { - bucket = "dev.app.zwellhom.com" + bucket = "dev.app.zwellhome.com" } resource "aws_s3_bucket_website_configuration" "www_bucket" {
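Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are long-lived static keys exported in the workflow-level `env`, so they are visible to every step of both jobs — including the three Terraform Cloud steps, which do not use them since the run executes in the TFC workspace — and `configure-aws-credentials@v4` is then called with only `aws-region`, silently picking them up from the environment. Prefer GitHub's OIDC federation: give the `s3` job `id-token: write`, pass `role-to-assume: arn:aws:iam::<account-id>:role/<deploy-role>`, and delete the two secrets from `env`; if static keys must stay, scope them to the `Upload assets to s3` step only. `TF_VAR_image_tag` and the `# builds and pushes image to ecr` comment look copied from another pipeline — no `image_tag` variable exists in `terraform/`, so TFC will warn about an undeclared variable — and should be removed. The bucket name `dev.app.zwellhome.com` is now hard-coded in both this workflow and `main.tf` (the first commit's `zwellhom` typo shows how the two drift); consider reading it from a Terraform output or a single `env` entry.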