From a1dc4ad1d0de762bdf7effc0498ea4de5238771b Mon Sep 17 00:00:00 2001
From: Joshua Burns
Date: Fri, 8 Sep 2023 13:54:35 -0700
Subject: [PATCH] add infra folder and inital workflow
---
.github/workflows/build-infra.yaml | 36 ++++++++++++++++++++++++++++++
.gitignore | 16 +++++++++++++
infra/terragrunt.hcl | 24 ++++++++++++++++++++
infra/tf/_outputs.tf | 3 +++
infra/tf/_terraform.tf | 12 ++++++++++
infra/tf/_varibales.tf | 5 +++++
infra/tf/ecr.tf | 8 +++++++
infra/tf/ecs.tf | 34 ++++++++++++++++++++++++++++
8 files changed, 138 insertions(+)
create mode 100644 .github/workflows/build-infra.yaml
create mode 100644 infra/terragrunt.hcl
create mode 100644 infra/tf/_outputs.tf
create mode 100644 infra/tf/_terraform.tf
create mode 100644 infra/tf/_varibales.tf
create mode 100644 infra/tf/ecr.tf
create mode 100644 infra/tf/ecs.tf
diff --git a/.github/workflows/build-infra.yaml b/.github/workflows/build-infra.yaml
new file mode 100644
index 0000000..b7d5f75
--- /dev/null
+++ b/.github/workflows/build-infra.yaml
@@ -0,0 +1,36 @@
+name: Build Infra
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - './infra/**'
+ workflow_dispatch: {}
+
+jobs:
+ run:
+ name: run
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ # Install the terraform and terragrunt
+ # - uses: alexellis/setup-arkade@v1
+ # - uses: alexellis/arkade-get@master
+ # with:
+ # terraform: latest
+ # terragrunt: latest
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ aws-access-key-id: ${{ secrets.PERSONAL_ACCESS_KEY }}
+ aws-secret-access-key: ${{ secrets.PERSONAL_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ vars.ROLE_TO_ASSUME }}
+ aws-region: ${{ vars.AWS_REGION }}
+
+ # Display IAM Identity
+ - name: Display IAM Identity
+ run: |
+ aws sts get-caller-identity
diff --git a/.gitignore b/.gitignore
index 4f810c0..456d5ec 100644
--- a/.gitignore
+++ b/.gitignore
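Review bot: In `.github/workflows/build-infra.yaml`, the `Configure AWS credentials` step passes long-lived IAM keys (`secrets.PERSONAL_ACCESS_KEY`, `secrets.PERSONAL_SECRET_ACCESS_KEY`) and only then assumes `vars.ROLE_TO_ASSUME`, so a leaked repository secret remains a usable credential until someone rotates it by hand. `aws-actions/configure-aws-credentials@v3` supports GitHub OIDC: drop the two key inputs, keep `role-to-assume` and `aws-region`, and add a job-level `permissions:` block with `id-token: write` and `contents: read`, with the role's trust policy limited to this repository and the `main` branch. Separately, the path filter `'./infra/**'` will likely never match, because path filters are written relative to the repository root without a leading `./`; `'infra/**'` is the usual form.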
@@ -34,3 +34,19 @@ notes .env *.tsbuildinfo + +# Terragrunt/Terraform files https://raw.githubusercontent.com/gruntwork-io/terragrunt/f6ab8991f4f318343db3321691ac37fa366c8762/.gitignore +.*.sw? +.idea +terragrunt.iml +vendor +.terraform +.vscode +*.tfstate +*.tfstate.backup +*.out +.terragrunt-cache +.bundle +.ruby-version +.terraform.lock.hcl +terragrunt
diff --git a/infra/terragrunt.hcl b/infra/terragrunt.hcl
new file mode 100644
index 0000000..3e68063
--- /dev/null
+++ b/infra/terragrunt.hcl
@@ -0,0 +1,24 @@
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "keyless-workflow-demo"
+ key = "keyless-workflow-demo/terraform.tfstate"
+
+ region = "us-west-2"
+ dynamodb_table = "tflocks"
+ disable_bucket_update = true
+
+ # Permissions thing
+ skip_bucket_versioning = true
+
+ encrypt = true
+ }
+}
+
+terraform {
+ source = ".//tf"
+}
diff --git a/infra/tf/_outputs.tf b/infra/tf/_outputs.tf
new file mode 100644
index 0000000..07d4359
--- /dev/null
+++ b/infra/tf/_outputs.tf
@@ -0,0 +1,3 @@
+output "knowledgeshare_ecr_url" {
+ value = aws_ecr_repository.knowledgeshare_ui_ecr.repository_url
+}
diff --git a/infra/tf/_terraform.tf b/infra/tf/_terraform.tf
new file mode 100644
index 0000000..64bee2f
--- /dev/null
+++ b/infra/tf/_terraform.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-west-2"
+}
diff --git a/infra/tf/_varibales.tf b/infra/tf/_varibales.tf
new file mode 100644
index 0000000..09fe119
--- /dev/null
+++ b/infra/tf/_varibales.tf
@@ -0,0 +1,5 @@
+variable "name" {
+ type = string
+ description = "The Repository Name"
+ default = "keyless-workflow-demo"
+}
diff --git a/infra/tf/ecr.tf b/infra/tf/ecr.tf
new file mode 100644
index 0000000..5d75fee
--- /dev/null
+++ b/infra/tf/ecr.tf
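Review bot: The added `.terraform.lock.hcl` entry in `.gitignore` keeps Terraform's dependency lock file out of the repository, so every run re-resolves `hashicorp/aws` within `~> 4.0` without the recorded provider checksums to compare against. The list is copied from Terragrunt's own repository, where ignoring that file is reasonable. For an infrastructure repository I would remove this one line and commit the lock file, so provider versions and hashes are pinned and go through review.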
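Review bot: In `infra/terragrunt.hcl`, `skip_bucket_versioning = true` is explained only by `# Permissions thing`, which does not say which permission is missing or whether versioning on `keyless-workflow-demo` is handled some other way. State files hold resource attributes and sometimes secrets, and without versioning an overwritten or corrupted `terraform.tfstate` cannot be rolled back. If the cause is what the comment hints at, I would say so explicitly, e.g. `# CI role lacks s3:PutBucketVersioning; bucket versioning is managed outside Terragrunt`, and remove the setting once the role is allowed to manage the bucket.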
@@ -0,0 +1,8 @@
+resource "aws_ecr_repository" "knowledgeshare_ui_ecr" {
+ name = var.name
+ image_tag_mutability = "MUTABLE"
+
+ image_scanning_configuration {
+ scan_on_push = true
+ }
+}
diff --git a/infra/tf/ecs.tf b/infra/tf/ecs.tf
new file mode 100644
index 0000000..4bb474b
--- /dev/null
+++ b/infra/tf/ecs.tf
@@ -0,0 +1,34 @@
+resource "aws_ecs_cluster" "knowledgeshare_ui_ecs_cluster" {
+ name = "knowledgeshare-demo"
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
+}
+
+resource "aws_ecs_task_definition" "knowledgeshare_ui_task" {
+ family = "knowledgeshare-service"
+ container_definitions = jsonencode([{
+ name = "knowledgeshare-ui"
+ image = "${aws_ecr_repository.knowledgeshare_ui_ecr.repository_url}:latest"
+ memory = 512
+ essential = true
+ portMappings = [
+ {
+ containerPort = 8080
+ hostPort = 80
+ }
+ ]
+ }])
+}
+
+resource "aws_ecs_service" "knowledgeshare_ui_service" {
+ name = "knowledgeshare_ui"
+ cluster = aws_ecs_cluster.knowledgeshare_ui_ecs_cluster.id
+ task_definition = aws_ecs_task_definition.knowledgeshare_ui_task.arn
+ desired_count = 2
+ force_new_deployment = true
+ # iam_role = aws_iam_role.foo.arn
+ # depends_on = [aws_iam_role_policy.foo]
+
+}
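Review bot: `image_tag_mutability = "MUTABLE"` in `infra/tf/ecr.tf`, combined with the `:latest` image reference in `aws_ecs_task_definition.knowledgeshare_ui_task` (the `infra/tf/ecs.tf` hunk), means a task runs whatever was last pushed under that tag, and anyone with push access to the repository can replace it without any Terraform change. The `scan_on_push` result is then tied to a tag that can move after the scan. Consider `image_tag_mutability = "IMMUTABLE"` and passing the tag or digest in through a new variable, e.g. `image = "${aws_ecr_repository.knowledgeshare_ui_ecr.repository_url}:${var.image_tag}"`.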
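Review bot: The container definition in `aws_ecs_task_definition.knowledgeshare_ui_task` (`infra/tf/ecs.tf`) sets no `logConfiguration`, so this definition does not send container stdout/stderr to any central log destination; `containerInsights` on the cluster covers metrics, not application logs. Adding a `logConfiguration` block with `logDriver = "awslogs"`, together with a role allowed to write to the log group, gives responders something to work from. Also, `hostPort = 80` with no `network_mode` set appears to pin a fixed host port, which with `desired_count = 2` would stop two tasks from being placed on the same instance; please confirm that is intended.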