ready
adamlahbib committed Nov 22, 2024
0 parents commit e429cbe
Showing 79 changed files with 7,750 additions and 0 deletions.
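--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1 @@
+readme.md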
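--- a/.github/actions/build-push-image/action.yaml
+++ b/.github/actions/build-push-image/action.yaml
+name: Build and push image
+description: 'Builds and pushes a Docker image to Amazon ECR'
+
+inputs:
+aws-access-key-id:
+description: 'AWS Access Key ID'
+required: true
+aws-secret-access-key:
+description: 'AWS Secret Access Key'
+required: true
+aws-region:
+description: 'AWS Region'
+required: true
+ecr-repository:
+description: 'ECR Repository'
+required: true
+dockerfile:
+description: 'Dockerfile'
+required: true
+default: './Dockerfile'
+stage:
+description: 'Deployment stage'
+required: true
+buildable:
+description: 'Whether the image should be built and pushed'
+required: true
+default: 'true'
+
+outputs:
+image:
+description: 'Docker image URI'
+value: ${{ steps.image-uri.outputs.tag }}:${{ inputs.stage }}-${{ github.sha }}
+
+runs:
+using: 'composite'
+steps:
+- name: Set up Docker Buildx
+if: ${{ inputs.buildable == 'true' }}
+uses: docker/setup-buildx-action@v3
+with:
+version: latest
+
+- name: Configure AWS Credentials
+if: ${{ inputs.buildable == 'true' }}
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+
+- name: Login to Amazon ECR
+if: ${{ inputs.buildable == 'true' }}
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+- name: Tag Image
+if: ${{ inputs.buildable == 'true' }}
+id: image-uri
+shell: bash
+run: |
+tag=${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr-repository }}
+echo "tag=$tag" >> $GITHUB_OUTPUT
+- name: Build and Push Image
+if: ${{ inputs.buildable == 'true' }}
+uses: docker/build-push-action@v5
+with:
+push: true
+file: ${{ inputs.dockerfile }}
+tags: ${{ steps.image-uri.outputs.tag }}:latest, ${{ steps.image-uri.outputs.tag }}:${{ github.sha }}, ${{ steps.image-uri.outputs.tag }}:${{ inputs.stage }}-${{ github.sha }}
+cache-from: type=gha
+cache-to: type=gha,mode=max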
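Review bot: The `Tag Image` step pastes `${{ steps.login-ecr.outputs.registry }}` and `${{ inputs.ecr-repository }}` into the bash script text before the shell parses it, so an `ecr-repository` value containing shell metacharacters would be executed rather than treated as data. Pass both through the step's `env:` and write `echo "tag=$REGISTRY/$REPOSITORY" >> "$GITHUB_OUTPUT"` instead. Every third-party action here and in the three Terraform actions of this commit (`docker/*@v3`/`@v5`, `aws-actions/*@v4`/`@v2`, `dflook/terraform-*@v1`) is referenced by a mutable tag while it receives the AWS keys; pinning each to a full commit SHA removes the dependency on the tag not being moved. The `image` output also reads `steps.image-uri.outputs.tag`, which is empty when `buildable` is not `'true'`, so callers then get `:<stage>-<sha>`.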
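--- a/.github/actions/terraform-apply/action.yaml
+++ b/.github/actions/terraform-apply/action.yaml
@@ -0,0 +1,81 @@
+name: Terraform Apply
+description: 'Applies Terraform configuration'
+
+inputs:
+aws-access-key-id:
+description: 'AWS Access Key ID'
+required: true
+aws-secret-access-key:
+description: 'AWS Secret Access Key'
+required: true
+aws-region:
+description: 'AWS Region'
+required: true
+tfstate-bucket:
+description: 'Terraform state bucket'
+required: true
+tfstate-key:
+description: 'Terraform state key'
+required: true
+stage:
+description: 'Deployment stage'
+required: true
+GRAFANA_ADMIN_PASSWORD:
+description: 'Grafana admin password'
+required: true
+CLOUDFLARE_ZONE_ID:
+description: 'Cloudflare Zone ID'
+required: true
+CLOUDFLARE_TOKEN:
+description: 'Cloudflare Token'
+required: true
+CLOUDFLARE_EMAIL:
+description: 'Cloudflare Email'
+required: true
+CLOUDFLARE_API_TOKEN:
+description: 'Cloudflare API Token'
+required: true
+SLACK_WEBHOOK:
+description: 'Slack Webhook'
+required: true
+TAILSCALE_CLIENT_ID:
+description: 'Tailscale Client ID'
+required: true
+TAILSCALE_CLIENT_SECRET:
+description: 'Tailscale Client Secret'
+required: true
+CROWDSEC_ENROLL_KEY:
+description: 'CrowdSec Enroll Key'
+required: true
+
+runs:
+using: 'composite'
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+
+- name: Terraform Apply
+env:
+TF_VAR_GRAFANA_ADMIN_PASSWORD: ${{ inputs.GRAFANA_ADMIN_PASSWORD }}
+TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
+TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
+TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
+TF_VAR_SLACK_WEBHOOK: ${{ inputs.SLACK_WEBHOOK }}
+TF_VAR_TAILSCALE_CLIENT_ID: ${{ inputs.TAILSCALE_CLIENT_ID }}
+TF_VAR_TAILSCALE_CLIENT_SECRET: ${{ inputs.TAILSCALE_CLIENT_SECRET }}
+TF_VAR_CROWDSEC_ENROLL_KEY: ${{ inputs.CROWDSEC_ENROLL_KEY }}
+uses: dflook/terraform-apply@v1
+with:
+path: ./terraform
+var_file: ./terraform/stages/${{ inputs.stage }}.tfvars
+backend_config: >
+bucket=${{ inputs.tfstate-bucket }},
+key=${{ inputs.tfstate-key }},
+region=${{ inputs.aws-region }},
+encrypt=true
+auto_approve: true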
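Review bot: `auto_approve: true` on the `Terraform Apply` step tells `dflook/terraform-apply` to apply whatever plan it computes at run time instead of requiring a plan that was approved on the pull request, so drift or a provider change between review and merge is applied unreviewed with the account's credentials. If the plan action added in this commit is meant to be the review gate, remove `auto_approve` (it defaults to `false`), or at least run this action only from a job bound to a protected environment with required reviewers. `stage` is also interpolated into `var_file` unchecked; the calling workflow presumably constrains it to known stage names, which is worth confirming.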
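--- a/.github/actions/terraform-destroy/action.yaml
+++ b/.github/actions/terraform-destroy/action.yaml
@@ -0,0 +1,80 @@
+name: Terraform Apply
+description: 'Applies Terraform configuration'
+
+inputs:
+aws-access-key-id:
+description: 'AWS Access Key ID'
+required: true
+aws-secret-access-key:
+description: 'AWS Secret Access Key'
+required: true
+aws-region:
+description: 'AWS Region'
+required: true
+tfstate-bucket:
+description: 'Terraform state bucket'
+required: true
+tfstate-key:
+description: 'Terraform state key'
+required: true
+stage:
+description: 'Deployment stage'
+required: true
+GRAFANA_ADMIN_PASSWORD:
+description: 'Grafana admin password'
+required: true
+CLOUDFLARE_ZONE_ID:
+description: 'Cloudflare Zone ID'
+required: true
+CLOUDFLARE_TOKEN:
+description: 'Cloudflare Token'
+required: true
+CLOUDFLARE_EMAIL:
+description: 'Cloudflare Email'
+required: true
+CLOUDFLARE_API_TOKEN:
+description: 'Cloudflare API Token'
+required: true
+SLACK_WEBHOOK:
+description: 'Slack Webhook'
+required: true
+TAILSCALE_CLIENT_ID:
+description: 'Tailscale Client ID'
+required: true
+TAILSCALE_CLIENT_SECRET:
+description: 'Tailscale Client Secret'
+required: true
+CROWDSEC_ENROLL_KEY:
+description: 'CrowdSec Enroll Key'
+required: true
+
+runs:
+using: 'composite'
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+
+- name: Terraform Destroy
+env:
+TF_VAR_GRAFANA_ADMIN_PASSWORD: ${{ inputs.GRAFANA_ADMIN_PASSWORD }}
+TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
+TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
+TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
+TF_VAR_SLACK_WEBHOOK: ${{ inputs.SLACK_WEBHOOK }}
+TF_VAR_TAILSCALE_CLIENT_ID: ${{ inputs.TAILSCALE_CLIENT_ID }}
+TF_VAR_TAILSCALE_CLIENT_SECRET: ${{ inputs.TAILSCALE_CLIENT_SECRET }}
+TF_VAR_CROWDSEC_ENROLL_KEY: ${{ inputs.CROWDSEC_ENROLL_KEY }}
+uses: dflook/terraform-destroy@v1
+with:
+path: ./terraform
+var_file: ./terraform/stages/${{ inputs.stage }}.tfvars
+backend_config: >
+bucket=${{ inputs.tfstate-bucket }},
+key=${{ inputs.tfstate-key }},
+region=${{ inputs.aws-region }},
+encrypt=true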
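Review bot: The destroy action carries the apply action's metadata: `name: Terraform Apply` and `description: 'Applies Terraform configuration'` at the top of the file were copied unchanged, and `terraform-plan/action.yaml` has the same two lines. For the one action that tears infrastructure down, the metadata should say so: `name: Terraform Destroy` and `description: 'Destroys the Terraform-managed infrastructure for a stage'` (and `Terraform Plan` / `'Plans Terraform changes'` in the plan action). Nothing in the action itself gates the destroy, so the calling workflow should restrict it to a manual trigger or a protected environment; that workflow is not visible here.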
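--- a/.github/actions/terraform-plan/action.yaml
+++ b/.github/actions/terraform-plan/action.yaml
@@ -0,0 +1,87 @@
+name: Terraform Apply
+description: 'Applies Terraform configuration'
+
+inputs:
+aws-access-key-id:
+description: 'AWS Access Key ID'
+required: true
+aws-secret-access-key:
+description: 'AWS Secret Access Key'
+required: true
+aws-region:
+description: 'AWS Region'
+required: true
+tfstate-bucket:
+description: 'Terraform state bucket'
+required: true
+tfstate-key:
+description: 'Terraform state key'
+required: true
+stage:
+description: 'Deployment stage'
+required: true
+github-token:
+description: 'GitHub token'
+required: true
+GRAFANA_ADMIN_PASSWORD:
+description: 'Grafana admin password'
+required: true
+CLOUDFLARE_ZONE_ID:
+description: 'Cloudflare Zone ID'
+required: true
+CLOUDFLARE_TOKEN:
+description: 'Cloudflare Token'
+required: true
+CLOUDFLARE_EMAIL:
+description: 'Cloudflare Email'
+required: true
+CLOUDFLARE_API_TOKEN:
+description: 'Cloudflare API Token'
+required: true
+SLACK_WEBHOOK:
+description: 'Slack Webhook'
+required: true
+TAILSCALE_CLIENT_ID:
+description: 'Tailscale Client ID'
+required: true
+TAILSCALE_CLIENT_SECRET:
+description: 'Tailscale Client Secret'
+required: true
+CROWDSEC_ENROLL_KEY:
+description: 'CrowdSec Enroll Key'
+required: true
+
+runs:
+using: 'composite'
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+
+- name: Export GitHub Token
+shell: bash
+run: echo "GITHUB_TOKEN=${{ inputs.github-token }}" >> $GITHUB_ENV
+
+- name: Terraform Plan
+env:
+TF_VAR_GRAFANA_ADMIN_PASSWORD: ${{ inputs.GRAFANA_ADMIN_PASSWORD }}
+TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
+TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
+TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
+TF_VAR_SLACK_WEBHOOK: ${{ inputs.SLACK_WEBHOOK }}
+TF_VAR_TAILSCALE_CLIENT_ID: ${{ inputs.TAILSCALE_CLIENT_ID }}
+TF_VAR_TAILSCALE_CLIENT_SECRET: ${{ inputs.TAILSCALE_CLIENT_SECRET }}
+TF_VAR_CROWDSEC_ENROLL_KEY: ${{ inputs.CROWDSEC_ENROLL_KEY }}
+uses: dflook/terraform-plan@v1
+with:
+path: ./terraform
+var_file: ./terraform/stages/${{ inputs.stage }}.tfvars
+backend_config: >
+bucket=${{ inputs.tfstate-bucket }},
+key=${{ inputs.tfstate-key }},
+region=${{ inputs.aws-region }},
+encrypt=true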
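Review bot: The `Export GitHub Token` step writes the token to `$GITHUB_ENV`, which makes it an environment variable for every later step of the calling job rather than only the plan step, and it does so by interpolating `${{ inputs.github-token }}` into the shell command. Scope it to the one consumer instead: delete the step and add `GITHUB_TOKEN: ${{ inputs.github-token }}` to the `env:` block of the `Terraform Plan` step. The token's permissions are set by the calling workflow, which is not part of this page; `dflook/terraform-plan` uses it to comment on pull requests, so `pull-requests: write` is likely the only write scope it needs.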
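--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: "pip"
+directory: "/"
+schedule:
+interval: "weekly"
+day: "wednesday"
+time: "23:30"
+open-pull-requests-limit: 5
+ignore:
+- dependency-name: "fastapi"
+versions: ["<0.91.0"]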
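Review bot: Only the `pip` ecosystem is watched, although the same commit adds composite actions that reference `docker/*`, `aws-actions/*` and `dflook/*` by tag. Adding a second entry with `package-ecosystem: "github-actions"` would keep those references updated, and lets Dependabot bump SHA pins if the actions are pinned; actions under `.github/actions/` may need their directories listed explicitly, which is worth checking against the Dependabot documentation. If the repository also ships a Dockerfile and Terraform code, as the other files suggest, `docker` and `terraform` entries would cover them.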