From bd001f5dd470ab63568f3b8b5484d006a95ded57 Mon Sep 17 00:00:00 2001
From: CyberFlame <cyberflameu@gmail.com>
Date: Sun, 10 Nov 2024 14:01:27 +1300
Subject: [PATCH] [stale] (Copilot Workspace) Implement Terraform

Fixes #113

Implement Terraform for deployment and configuration.

* Add `terraform/main.tf` to define Cloudflare provider, Cloudflare Workers, KV namespace, and secrets.
* Add `terraform/variables.tf` to define variables for Cloudflare account ID, API token, and other required values.
* Add `terraform/outputs.tf` to define outputs for Cloudflare Worker URL.
* Add `.github/workflows/terraform.yml` to create a new GitHub Actions workflow for Terraform deployment.
* Modify `.github/workflows/cd.yml` to remove `cloudflare/wrangler-action@v3` step and add a step to trigger the Terraform workflow.
* Delete `wrangler.toml` file.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/CyberFlameGO/NCEAHelpWorker/issues/113?shareId=XXXX-XXXX-XXXX-XXXX).
---
 .github/workflows/cd.yml        | 10 +++---
 .github/workflows/terraform.yml | 32 ++++++++++++++++++
 terraform/main.tf               | 58 +++++++++++++++++++++++++++++++++
 terraform/outputs.tf            |  4 +++
 terraform/variables.tf          | 45 +++++++++++++++++++++++++
 wrangler.toml                   | 23 -------------
 6 files changed, 145 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/terraform.yml
 create mode 100644 terraform/main.tf
 create mode 100644 terraform/outputs.tf
 create mode 100644 terraform/variables.tf
 delete mode 100644 wrangler.toml

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 48e8111..489a1ef 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -50,11 +50,13 @@ jobs:
       - name: Install dependencies
         run: pnpm install
 
-      - name: Deploy
-        uses: cloudflare/wrangler-action@v3
+      - name: Trigger Terraform Workflow
+        uses: actions/github-script@v6
         with:
-          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          accountId: ${{ secrets.CF_ACCOUNT_ID }}
+          script: |
+            const { execSync } = require('child_process');
+            execSync('terraform init', { stdio: 'inherit' });
+            execSync('terraform apply -auto-approve', { stdio: 'inherit' });
 
       - name: Create Sentry release
         uses: getsentry/action-release@v1
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..8865f16
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,32 @@
+name: "Terraform Deployment"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 1.0.0
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Apply
+        run: terraform apply -auto-approve
+
+      - name: Store Terraform State
+        run: |
+          mkdir -p $HOME/.terraform.d/plugin-cache
+          terraform init -backend-config="path=$HOME/.terraform.d/plugin-cache"
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..5feb0d0
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,58 @@
+terraform {
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
+resource "cloudflare_worker_script" "nceahelpworker" {
+  name = "nceahelpworker"
+  content = file("src/server.ts")
+  type = "javascript"
+}
+
+resource "cloudflare_kv_namespace" "token_store" {
+  title = "TOKEN_STORE"
+}
+
+resource "cloudflare_worker_secret" "discord_token" {
+  script = cloudflare_worker_script.nceahelpworker.name
+  name   = "DISCORD_TOKEN"
+  value  = var.discord_token
+}
+
+resource "cloudflare_worker_secret" "discord_public_key" {
+  script = cloudflare_worker_script.nceahelpworker.name
+  name   = "DISCORD_PUBLIC_KEY"
+  value  = var.discord_public_key
+}
+
+resource "cloudflare_worker_secret" "discord_application_id" {
+  script = cloudflare_worker_script.nceahelpworker.name
+  name   = "DISCORD_APPLICATION_ID"
+  value  = var.discord_application_id
+}
+
+resource "cloudflare_worker_secret" "discord_client_secret" {
+  script = cloudflare_worker_script.nceahelpworker.name
+  name   = "DISCORD_CLIENT_SECRET"
+  value  = var.discord_client_secret
+}
+
+resource "cloudflare_worker_secret" "worker_url" {
+  script = cloudflare_worker_script.nceahelpworker.name
+  name   = "WORKER_URL"
+  value  = var.worker_url
+}
+
+resource "cloudflare_worker_secret" "cookie_secret" {
+  script = cloudflare_worker_script.nceahelpworker.name
+  name   = "COOKIE_SECRET"
+  value  = var.cookie_secret
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 0000000..b56f4e4
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,4 @@
+output "cloudflare_worker_url" {
+  description = "The URL of the deployed Cloudflare Worker"
+  value       = cloudflare_worker_script.nceahelpworker.id
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..a5f06f8
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,45 @@
+variable "cloudflare_account_id" {
+  description = "The Cloudflare account ID"
+  type        = string
+}
+
+variable "cloudflare_api_token" {
+  description = "The Cloudflare API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "discord_token" {
+  description = "The Discord API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "discord_public_key" {
+  description = "The Discord public key"
+  type        = string
+  sensitive   = true
+}
+
+variable "discord_application_id" {
+  description = "The Discord application ID"
+  type        = string
+  sensitive   = true
+}
+
+variable "discord_client_secret" {
+  description = "The Discord client secret"
+  type        = string
+  sensitive   = true
+}
+
+variable "worker_url" {
+  description = "The URL of the worker"
+  type        = string
+}
+
+variable "cookie_secret" {
+  description = "The secret for signing cookies"
+  type        = string
+  sensitive   = true
+}
diff --git a/wrangler.toml b/wrangler.toml
deleted file mode 100644
index 6d10789..0000000
--- a/wrangler.toml
+++ /dev/null
@@ -1,23 +0,0 @@
-name = "nceahelpworker"
-main = "./src/server.ts"
-compatibility_date="2024-09-12"
-
-account_id= "4ed1f8e12cda519236361f09dd8956cf"
-send_metrics = true
-minify = true
-
-route = { pattern = "discord.worker.nceahelp.com", zone_name = "nceahelp.com", custom_domain = true }
-
-kv_namespaces = [
-  { binding = "TOKEN_STORE", id = "6054fb4ce09045aea65372b682e4fdbf"}
-]
-
-tail_consumers = [{service = "nceahelpworker-tail"}]
-
-[placement]
-mode = "smart"
-
-# [secrets]
-# DISCORD_TOKEN
-# DISCORD_PUBLIC_KEY
-# DISCORD_APPLICATION_ID