From 3edc3c2e979f5cb2ec52a5d5028d9ff75b0076ab Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Mon, 18 Dec 2023 13:34:46 +0000 Subject: [PATCH] :shipit: Deploy `create-a-derived-tables` self-hosted runner to Cloud Platform (#2766) 
Signed-off-by: Jacob Woffenden --- .github/dependabot.yml | 13 ++++++- .../create-a-derived-table/iam-roles.tf | 6 +-- .../.terraform.lock.hcl | 0 .../create-a-derived-table.tf} | 22 +++++------ .../data.tf | 0 .../terraform.tf | 2 +- .../terraform.tfvars | 6 +-- .../variables.tf | 0 .../Chart.yaml | 6 --- .../templates/_helpers.tpl | 7 ---- .../templates/deployment.yml | 37 ------------------- .../templates/secrets.yml | 9 ----- .../templates/service-account.yml | 8 ---- .../values.yaml | 17 --------- 14 files changed, 27 insertions(+), 106 deletions(-) rename terraform/cloud-platform/live/data-platform-production/{github-actions-self-hosted-runners => actions-runners}/.terraform.lock.hcl (100%) rename terraform/cloud-platform/live/data-platform-production/{github-actions-self-hosted-runners/helm-releases.tf => actions-runners/create-a-derived-table.tf} (67%) rename terraform/cloud-platform/live/data-platform-production/{github-actions-self-hosted-runners => actions-runners}/data.tf (100%) rename terraform/cloud-platform/live/data-platform-production/{github-actions-self-hosted-runners => actions-runners}/terraform.tf (95%) rename terraform/cloud-platform/live/data-platform-production/{github-actions-self-hosted-runners => actions-runners}/terraform.tfvars (67%) rename terraform/cloud-platform/live/data-platform-production/{github-actions-self-hosted-runners => actions-runners}/variables.tf (100%) delete mode 100644 terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/Chart.yaml delete mode 100644 terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/_helpers.tpl delete mode 100644 terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/deployment.yml delete mode 100644 
terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/secrets.yml delete mode 100644 terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/service-account.yml delete mode 100644 terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/values.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index db874cacb8..e6a3ec3502 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -449,7 +449,18 @@ updates: reviewers: - "ministryofjustice/data-platform-apps-and-tools" - package-ecosystem: "terraform" - directory: "terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners" + directory: "terraform/cloud-platform/live/data-platform-production/actions-runners" + schedule: + interval: "daily" + time: "09:00" + timezone: "Europe/London" + commit-message: + prefix: "terraform" + include: "scope" + reviewers: + - "ministryofjustice/data-platform-apps-and-tools" + - package-ecosystem: "terraform" + directory: "terraform/dpat-eks/production/actions-runners" schedule: interval: "daily" time: "09:00" diff --git a/terraform/aws/analytical-platform-data-production/create-a-derived-table/iam-roles.tf b/terraform/aws/analytical-platform-data-production/create-a-derived-table/iam-roles.tf index 4615f1c5c2..600c117191 100644 --- a/terraform/aws/analytical-platform-data-production/create-a-derived-table/iam-roles.tf +++ b/terraform/aws/analytical-platform-data-production/create-a-derived-table/iam-roles.tf 
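Review bot: The second added entry points Dependabot at `terraform/dpat-eks/production/actions-runners`, but nothing under that path appears in this commit's diffstat, so unless the directory already exists on the target branch Dependabot will report a failed update for it on every run. Confirm the path exists, or move this entry into the commit that creates it. As far as I know the `terraform` ecosystem also only tracks providers and modules, so the chart `version` that the renamed module now pins in its `helm_release` will probably not be bumped by either entry and needs its own update path.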
@@ -15,11 +15,7 @@ module "create_a_derived_table_iam_role" { oidc_providers = { cloud-platform = { provider_arn = "arn:aws:iam::593291632749:oidc-provider/oidc.eks.eu-west-2.amazonaws.com/id/DF366E49809688A3B16EEC29707D8C09" - namespace_service_accounts = ["data-platform-production:gha-shr-mojas-create-a-derived-table"] - } - data-platform-development = { - provider_arn = "arn:aws:iam::593291632749:oidc-provider/oidc.eks.eu-west-2.amazonaws.com/id/BEE86BED6494692D4ED31C2ED2319E13" - namespace_service_accounts = ["github-actions:gha-shr-mojas-create-a-derived-table"] + namespace_service_accounts = ["data-platform-production:actions-runner-mojas-create-a-derived-table"] } data-platform-production = { provider_arn = "arn:aws:iam::593291632749:oidc-provider/oidc.eks.eu-west-2.amazonaws.com/id/F147414004D7C4CF820F21F453AF80F1" diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/.terraform.lock.hcl b/terraform/cloud-platform/live/data-platform-production/actions-runners/.terraform.lock.hcl similarity index 100% rename from terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/.terraform.lock.hcl rename to terraform/cloud-platform/live/data-platform-production/actions-runners/.terraform.lock.hcl diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/helm-releases.tf b/terraform/cloud-platform/live/data-platform-production/actions-runners/create-a-derived-table.tf similarity index 67% rename from terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/helm-releases.tf rename to terraform/cloud-platform/live/data-platform-production/actions-runners/create-a-derived-table.tf index a82d1e2755..0295816497 100644 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/helm-releases.tf 
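Review bot: The service-account name in `namespace_service_accounts` under `cloud-platform` is a hand-written string that must equal the ServiceAccount the `actions-runner` chart renders, and nothing in this commit ties the two together. If the chart derives that name differently from the release name, the pod's web-identity token will not satisfy the role's trust condition, and the failure shows up at runtime rather than at plan time. I would add a comment on the line, e.g. `# must match the ServiceAccount rendered by helm_release.create_a_derived_table (cloud-platform/live/data-platform-production/actions-runners)`. Removing the `data-platform-development` provider narrows the trust policy, but any job scheduled onto a runner using this service account still gets the role's full permissions, so the role's attached policies deserve a least-privilege check. The module body starts before the hunk, and the `data-platform-production` entry continues past its end.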
+++ b/terraform/cloud-platform/live/data-platform-production/actions-runners/create-a-derived-table.tf @@ -1,7 +1,3 @@ -################################################## -# moj-analytical-services/create-a-derived-table -################################################## - data "aws_secretsmanager_secret" "github_actions_self_hosted_runner_create_a_derived_table" { provider = aws.analytical-platform-management-production @@ -14,10 +10,12 @@ data "aws_secretsmanager_secret_version" "github_actions_self_hosted_runner_crea secret_id = data.aws_secretsmanager_secret.github_actions_self_hosted_runner_create_a_derived_table.id } -resource "helm_release" "github_actions_self_hosted_runners_create_a_derived_table" { - name = "gha-shr-create-a-derived-table" - chart = "./src/helm/charts/github-actions-self-hosted-runners" - namespace = "data-platform-production" +resource "helm_release" "create_a_derived_table" { + name = "actions-runner-mojas-create-a-derived-table" + repository = "oci://ghcr.io/ministryofjustice/data-platform-charts" + version = "2.0.0" + chart = "actions-runner" + namespace = "data-platform-production" set { name = "github.organisation" @@ -35,12 +33,12 @@ resource "helm_release" "github_actions_self_hosted_runners_create_a_derived_tab } set { - name = "irsa.roleArn" - value = "arn:aws:iam::593291632749:role/create-a-derived-table" + name = "github.runner.labels" + value = "moj-cloud-platform" } set { - name = "runner.labels" - value = "moj-cloud-platform" + name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" + value = "arn:aws:iam::593291632749:role/create-a-derived-table" } } 
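Review bot: In the `@@ -14,10 +10,12 @@` hunk the chart is now fetched from `oci://ghcr.io/ministryofjustice/data-platform-charts` by the tag `version = "2.0.0"`, and a registry tag can be re-pushed, so this file does not fix what is deployed into a namespace that holds a GitHub token and an IAM role. If the Helm provider version in use supports it, pin the chart by digest or turn on provenance checking with `verify = true`. Otherwise, record the expected chart digest in a comment next to `version` so a changed artefact is noticeable in review. The new resource address `helm_release.create_a_derived_table` has no `moved` block, so Terraform will plan a destroy and create. That looks intended because the release name changes too, but it is worth stating in the PR description. The resource body continues outside this hunk.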
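Review bot: In the `@@ -35,12 +33,12 @@` hunk the escaped key `serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn` has no comment and is easy to break in a later edit. I would add `# dots in the annotation key are escaped so Helm does not split it into nested values` above that `set` block. The role ARN is a literal that repeats the account id and the role name, which is presumably created in `terraform/aws/analytical-platform-data-production/create-a-derived-table`, so a rename there would leave the runner without credentials and no plan-time error. The `set` block that passes `github.token` is outside this hunk. If it uses `set` rather than `set_sensitive`, the token value is shown in plan output, so that is worth checking while this resource is being reworked.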
diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/data.tf b/terraform/cloud-platform/live/data-platform-production/actions-runners/data.tf similarity index 100% rename from terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/data.tf rename to terraform/cloud-platform/live/data-platform-production/actions-runners/data.tf diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tf b/terraform/cloud-platform/live/data-platform-production/actions-runners/terraform.tf similarity index 95% rename from terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tf rename to terraform/cloud-platform/live/data-platform-production/actions-runners/terraform.tf index cf01b1024c..2982bed245 100644 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tf +++ b/terraform/cloud-platform/live/data-platform-production/actions-runners/terraform.tf @@ -3,7 +3,7 @@ terraform { acl = "private" bucket = "global-tf-state-aqsvzyd5u9" encrypt = true - key = "cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tfstate" + key = "cloud-platform/live/data-platform-production/actions-runners/terraform.tfstate" region = "eu-west-2" dynamodb_table = "global-tf-state-aqsvzyd5u9-locks" } diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tfvars b/terraform/cloud-platform/live/data-platform-production/actions-runners/terraform.tfvars similarity index 67% rename from terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tfvars rename to terraform/cloud-platform/live/data-platform-production/actions-runners/terraform.tfvars index 6758c2b1b8..fc5beef464 100644 
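Review bot: Changing the backend `key` to `cloud-platform/live/data-platform-production/actions-runners/terraform.tfstate` starts this root module from an empty state unless the existing state object is moved first, and nothing in the commit records that migration. With an empty state Terraform does not know about the previously installed release, so it would leave that release running, still holding its token and service account, while installing the new one. The old object also stays in `global-tf-state-aqsvzyd5u9`. Because this module reads an `aws_secretsmanager_secret_version`, that object most likely contains the secret value in plain text, so it should either be migrated (`terraform init -migrate-state`) or deleted deliberately once the move is confirmed. The `terraform` block begins before the hunk.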
--- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/terraform.tfvars +++ b/terraform/cloud-platform/live/data-platform-production/actions-runners/terraform.tfvars @@ -5,10 +5,10 @@ account_ids = { tags = { business-unit = "Platforms" application = "Data Platform" - component = "GitHub Actions Self-Hosted Runners" - environment = "cloud-platform-live" + component = "Actions Runners" + environment = "management" is-production = "true" owner = "data-platform:data-platform-tech@digital.justice.gov.uk" infrastructure-support = "data-platform:data-platform-tech@digital.justice.gov.uk" - source-code = "github.com/ministryofjustice/data-platform/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners" + source-code = "github.com/ministryofjustice/data-platform/terraform/cloud-platform/live/data-platform-production/actions-runners" } diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/variables.tf b/terraform/cloud-platform/live/data-platform-production/actions-runners/variables.tf similarity index 100% rename from terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/variables.tf rename to terraform/cloud-platform/live/data-platform-production/actions-runners/variables.tf diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/Chart.yaml b/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/Chart.yaml deleted file mode 100644 index 6b0231fbaa..0000000000 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/Chart.yaml +++ /dev/null 
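Review bot: The new tag `environment = "management"` does not match a module that lives under `cloud-platform/live/data-platform-production` and keeps `is-production = "true"`, whereas the previous value `cloud-platform-live` matched the path. If these tags feed asset inventory or ownership reports, a production runner would be filed under the wrong environment, which makes it harder to find during an incident. Unless the change is deliberate, I would keep `environment = "cloud-platform-live"`; if it is deliberate, a one-line comment giving the reason belongs next to it. The `tags` map starts outside the hunk.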
@@ -1,6 +0,0 @@ ---- -apiVersion: v2 -name: github-actions-self-hosted-runners -description: A Helm chart for Kubernetes -type: application -version: 1.0.3 diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/_helpers.tpl b/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/_helpers.tpl deleted file mode 100644 index 6722d18ea2..0000000000 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/_helpers.tpl +++ /dev/null @@ -1,7 +0,0 @@ -{{- define "github.repoShorthand" }} -{{- if eq "moj-analytical-services" .Values.github.organisation }} -{{- printf "%s" "moj"}} -{{- else -}} -{{- printf "%s" "mojas"}} -{{- end -}} -{{- end }} diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/deployment.yml b/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/deployment.yml deleted file mode 100644 index 365176dff8..0000000000 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/deployment.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - template: - metadata: - labels: - app: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - spec: - serviceAccountName: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - containers: - - name: actions-runner - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: Always - securityContext: - runAsUser: 10000 - env: - - name: GITHUB_REPOSITORY - value: {{ .Values.github.organisation }}/{{ .Values.github.repository }} - - name: GITHUB_TOKEN - valueFrom: - secretKeyRef: - name: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - key: token - - name: RUNNER_LABELS - value: {{ .Values.runner.labels }} - resources: - limits: - memory: 4000Mi - cpu: 1000m diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/secrets.yml b/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/secrets.yml deleted file mode 100644 index f6c8c73519..0000000000 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/secrets.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - token: {{ .Values.github.token | b64enc }} 
diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/service-account.yml b/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/service-account.yml deleted file mode 100644 index 432b8fbcd7..0000000000 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/templates/service-account.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gha-shr-{{ template "github.repoShorthand" }}-{{ .Values.github.repository }} - namespace: {{ .Release.Namespace }} - annotations: - eks.amazonaws.com/role-arn: {{ .Values.irsa.roleArn }} diff --git a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/values.yaml b/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/values.yaml deleted file mode 100644 index 9c859a28b3..0000000000 --- a/terraform/cloud-platform/live/data-platform-production/github-actions-self-hosted-runners/src/helm/charts/github-actions-self-hosted-runners/values.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -replicas: 1 - -image: - repository: ghcr.io/ministryofjustice/data-platform-actions-runner - tag: 0.0.9 - -github: - organisation: - repository: - token: - -runner: - labels: - -irsa: - roleArn: