diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
new file mode 100644
index 0000000..993ff08
--- /dev/null
+++ b/.github/workflows/develop.yml
@@ -0,0 +1,20 @@
+name: "DEV DEPLOY"
+
+on:
+ push:
+ branches:
+ - develop
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ terraform:
+ uses: ./.github/workflows/terraform.yml
+ with:
+ environment: dev
+ aws-assume-role-arn: "arn:aws:iam::{{ sua conta aws }}:role/{{ nome da role }}"
+ aws-region: "sa-east-1"
+ aws-statefile-s3-bucket: "{{ nome do bucket s3 }}"
+ aws-lock-dynamodb-table: "{{ nome da tabela do dynamodb }}"
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..7d09dd0
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,20 @@
+name: "PROD DEPLOY"
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ terraform:
+ uses: ./.github/workflows/terraform.yml
+ with:
+ environment: prod
+ aws-assume-role-arn: "arn:aws:iam::{{ sua conta aws }}:role/{{ nome da role }}"
+ aws-region: "sa-east-1"
+ aws-statefile-s3-bucket: "{{ nome do bucket s3 }}"
+ aws-lock-dynamodb-table: "{{ nome da tabela do dynamodb }}"
\ No newline at end of file
diff --git a/.github/workflows/terraform-dev.yml b/.github/workflows/terraform-dev.yml
deleted file mode 100644
index 8d9fd89..0000000
--- a/.github/workflows/terraform-dev.yml
+++ /dev/null
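Review bot: The `with:` values in develop.yml are literal template placeholders — `"arn:aws:iam::{{ sua conta aws }}:role/{{ nome da role }}"`, `"{{ nome do bucket s3 }}"`, `"{{ nome da tabela do dynamodb }}"` — that GitHub Actions passes through unchanged, so the Configure AWS credentials step in the called workflow receives a malformed role ARN and the job fails at the first AWS call; main.yml carries the same four values. Rather than committing account-specific ARNs and bucket names, read them from repository or environment variables, e.g. `aws-assume-role-arn: ${{ vars.AWS_ASSUME_ROLE_ARN }}`, and add a one-line comment above `with:` saying where those variables are configured. Since the called job declares no GitHub `environment:`, the OIDC token's `sub` claim will be the pushed branch ref, so the role's trust policy should restrict `sub` to `repo:<org>/<repo>:ref:refs/heads/develop` (and `refs/heads/main` for the production role) instead of the whole repository.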
@@ -1,77 +0,0 @@
-name: "[DEV] - Terraform Deployment"
-
-on:
- push:
- branches:
- - develop
-
-env:
- AWS_REGION: "sa-east-1"
- TERRAFORM_DYNAMODB_LOCK_TABLE: "buildrun-terraform-state-lock"
- TERRAFORM_S3_STATEFILE_BUCKET: "buildrun-sa-east-1-terraform-s3-statefile"
-
-permissions:
- id-token: write
- contents: read
-
-jobs:
- terraform:
- runs-on: ubuntu-latest
-
- defaults:
- run:
- shell: bash
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
- with:
- terraform_version: 1.8.3
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::179916804929:role/BuildRun-GithubActions-Role
- role-session-name: GitHub_to_AWS_via_FederatedOIDC
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Read destroy configuration
- id: read-destroy-config
- run: |
- DESTROY_DEV="$(jq -r '.dev' ./infra/destroy_config.json)"
- echo "destroy_dev=$(echo $DESTROY_DEV)" >> $GITHUB_OUTPUT
-
- - name: Terraform Init
- run: |
- cd infra && terraform init \
- -backend-config="bucket=${{ env.TERRAFORM_S3_STATEFILE_BUCKET }}" \
- -backend-config="key=${{ github.event.repository.name }}" \
- -backend-config="region=${{ env.AWS_REGION }}" \
- -backend-config="dynamodb_table=${{ env.TERRAFORM_DYNAMODB_LOCK_TABLE }}"
-
- - name: Terraform Validate
- run: terraform validate
-
- - name: Terraform Destroy for Dev
- if: steps.read-destroy-config.outputs.destroy_dev == 'true' && github.ref == 'refs/heads/develop' && github.event_name == 'push'
- id: terraform-destroy-dev
- run: cd infra &&
- terraform workspace select dev || terraform workspace new dev &&
- terraform destroy -var-file="./envs/dev/terraform.tfvars" -auto-approve
-
- - name: Terraform Plan for Dev
- if: steps.read-destroy-config.outputs.destroy_dev != 'true' && github.ref == 'refs/heads/develop' && github.event_name == 'push'
- id: terraform-plan-dev
- run: cd infra &&
- terraform workspace select dev || terraform workspace new dev &&
- terraform plan -var-file="./envs/dev/terraform.tfvars" -out=dev.plan
-
- - name: Terraform Apply for Dev
- id: terraform-apply-dev
- if: steps.read-destroy-config.outputs.destroy_dev != 'true' && github.ref == 'refs/heads/develop' && github.event_name == 'push'
- run: cd infra &&
- terraform workspace select dev || terraform workspace new dev &&
- terraform apply "dev.plan"
\ No newline at end of file
diff --git a/.github/workflows/terraform-prod.yml b/.github/workflows/terraform-prod.yml
deleted file mode 100644
index d187d49..0000000
--- a/.github/workflows/terraform-prod.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-name: "[PROD] - Terraform Deployment"
-
-on:
- push:
- branches:
- - main
-
-env:
- AWS_REGION: "sa-east-1"
- TERRAFORM_DYNAMODB_LOCK_TABLE: "buildrun-terraform-state-lock"
- TERRAFORM_S3_STATEFILE_BUCKET: "buildrun-sa-east-1-terraform-s3-statefile"
-
-permissions:
- id-token: write
- contents: read
-
-jobs:
- terraform:
- runs-on: ubuntu-latest
-
- defaults:
- run:
- shell: bash
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
- with:
- terraform_version: 1.8.3
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::179916804929:role/BuildRun-GithubActions-Role #change to reflect your IAM role’s ARN
- role-session-name: GitHub_to_AWS_via_FederatedOIDC
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Read destroy configuration
- id: read-destroy-config
- run: |
- DESTROY_PROD="$(jq -r '.prod' ./infra/destroy_config.json)"
- echo "destroy_prod=$(echo $DESTROY_PROD)" >> $GITHUB_OUTPUT
-
- - name: Terraform Init
- run: |
- cd infra && terraform init \
- -backend-config="bucket=${{ env.TERRAFORM_S3_STATEFILE_BUCKET }}" \
- -backend-config="key=${{ github.event.repository.name }}" \
- -backend-config="region=${{ env.AWS_REGION }}" \
- -backend-config="dynamodb_table=${{ env.TERRAFORM_DYNAMODB_LOCK_TABLE }}"
-
- - name: Terraform Validate
- run: terraform validate
-
- - name: Terraform Destroy for Prod
- if: steps.read-destroy-config.outputs.destroy_prod == 'true' && github.ref == 'refs/heads/main' && github.event_name == 'push'
- id: terraform-destroy-prod
- run: cd infra &&
- terraform workspace select prod || terraform workspace new prod &&
- terraform destroy -var-file="./envs/prod/terraform.tfvars" -auto-approve
-
- - name: Terraform Plan for Prod
- if: steps.read-destroy-config.outputs.destroy_prod != 'true' && github.ref == 'refs/heads/main' && github.event_name == 'push'
- id: terraform-plan-prod
- run: cd infra &&
- terraform workspace select prod || terraform workspace new prod &&
- terraform plan -var-file="./envs/prod/terraform.tfvars" -out=prod.plan
-
- - name: Terraform Apply for Prod
- if: steps.read-destroy-config.outputs.destroy_prod != 'true' && github.ref == 'refs/heads/main' && github.event_name == 'push'
- id: terraform-apply-prod
- run: cd infra &&
- terraform workspace select prod || terraform workspace new prod &&
- terraform apply "prod.plan"
\ No newline at end of file
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..fd8ed3d
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,81 @@
+name: "Terraform Workflow"
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ type: string
+ required: true
+ aws-assume-role-arn:
+ type: string
+ required: true
+ aws-region:
+ type: string
+ required: true
+ aws-statefile-s3-bucket:
+ type: string
+ required: true
+ aws-lock-dynamodb-table:
+ type: string
+ required: true
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.8.3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ inputs.aws-assume-role-arn }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: ${{ inputs.aws-region }}
+
+ - name: Read destroy configuration
+ id: read-destroy-config
+ run: |
+ DESTROY="$(jq -r '.${{ inputs.environment }}' ./infra/destroy_config.json)"
+ echo "destroy=$(echo $DESTROY)" >> $GITHUB_OUTPUT
+
+ - name: Terraform Init
+ run: |
+ cd infra && terraform init \
+ -backend-config="bucket=${{ inputs.aws-statefile-s3-bucket }}" \
+ -backend-config="key=${{ github.event.repository.name }}" \
+ -backend-config="region=${{ inputs.aws-region }}" \
+ -backend-config="dynamodb_table=${{ inputs.aws-lock-dynamodb-table }}"
+
+ - name: Terraform Validate
+ run: terraform validate
+
+ - name: Terraform Destroy
+ if: steps.read-destroy-config.outputs.destroy == 'true'
+ id: terraform-destroy
+ run: cd infra &&
+ terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+ terraform destroy -var-file="./envs/${{ inputs.environment }}/terraform.tfvars" -auto-approve
+
+ - name: Terraform Plan
+ if: steps.read-destroy-config.outputs.destroy != 'true'
+ id: terraform-plan
+ run: cd infra &&
+ terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+ terraform plan -var-file="./envs/${{ inputs.environment }}/terraform.tfvars" -out="${{ inputs.environment }}.plan"
+
+ - name: Terraform Apply
+ if: steps.read-destroy-config.outputs.destroy != 'true'
+ id: terraform-apply
+ run: cd infra &&
+ terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+ terraform apply "${{ inputs.environment }}.plan"
\ No newline at end of file
diff --git a/infra/envs/dev/terraform.tfvars b/infra/envs/dev/terraform.tfvars
index 17d662e..20da6a9 100644
--- a/infra/envs/dev/terraform.tfvars
+++ b/infra/envs/dev/terraform.tfvars
@@ -1 +1 @@
-bucket_name="dev-buildrun-pipeline-123-bucket"
\ No newline at end of file
+bucket_name="dev-sa-east-1-buildrun-video-pipeline"
\ No newline at end of file
diff --git a/infra/envs/prod/terraform.tfvars b/infra/envs/prod/terraform.tfvars
index f041ac9..680933d 100644
--- a/infra/envs/prod/terraform.tfvars
+++ b/infra/envs/prod/terraform.tfvars
@@ -1 +1 @@
-bucket_name="prod-buildrun-pipeline-123-bucket"
\ No newline at end of file
+bucket_name="prod-sa-east-1-buildrun-video-pipeline"
\ No newline at end of file
diff --git a/infra/main.tf b/infra/main.tf
index a3a1ef2..98903b0 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -1,3 +1,3 @@
-resource "aws_s3_bucket" "myBucket" {
+resource "aws_s3_bucket" "bucket" {
 bucket = var.bucket_name
 }
\ No newline at end of file
diff --git a/infra/providers.tf b/infra/provider.tf
similarity index 100%
rename from infra/providers.tf
rename to infra/provider.tf
diff --git a/infra/variables.tf b/infra/variables.tf
index bc8db68..c4abf43 100644
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -1,3 +1,3 @@
 variable "bucket_name" {
- nullable = false
+ type = string
 }
\ No newline at end of file
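Review bot: `run: terraform validate` in the Terraform Validate step executes in the repository root, not in `infra`, because every `run` step starts a fresh shell in the workspace; with no `.tf` files there it reports success without checking anything, so the step is a no-op gate in front of destroy, plan and apply. In the Read destroy configuration step, `inputs.environment` is interpolated straight into the shell script (`'.${{ inputs.environment }}'`); the two callers only pass `dev`/`prod` today, but handing the value over through `env:` and `jq --arg` keeps expression interpolation out of the script body and also makes the lookup correct for keys that are not valid jq identifiers. Because destroy with `-auto-approve` and apply both run on every push and the job declares no `environment:`, adding `environment: ${{ inputs.environment }}` to the job would let a GitHub environment with required reviewers gate prod and let the IAM role's trust policy pin the OIDC `sub` claim to that environment. The `steps:` list starts inside the hunk; the rewritten lines are below.
```yaml
  terraform:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    # … unchanged: defaults, Checkout, Setup Terraform, Configure AWS credentials …
      - name: Read destroy configuration
        id: read-destroy-config
        env:
          TF_ENV: ${{ inputs.environment }}
        run: |
          DESTROY="$(jq -r --arg env "$TF_ENV" '.[$env]' ./infra/destroy_config.json)"
          echo "destroy=$DESTROY" >> "$GITHUB_OUTPUT"
      # … unchanged: Terraform Init …
      - name: Terraform Validate
        run: cd infra && terraform validate
      # … unchanged: Terraform Destroy, Terraform Plan, Terraform Apply …
```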
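Review bot: In infra/variables.tf the hunk replaces `nullable = false` with `type = string` rather than adding it, so the null guard is lost: the two settings are independent and the declaration should keep both, `type = string` followed by `nullable = false`. With the new declaration a caller can set `bucket_name = null` and the failure surfaces from the `aws_s3_bucket` resource during plan instead of at variable validation.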