From 9516a98938d6dce0234fb5a9ed08518421be6b96 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Aleksa=20Siri=C5=A1ki?= <31509435+aleksasiriski@users.noreply.github.com> Date: Sat, 31 Aug 2024 03:15:55 +0200 Subject: [PATCH] feat: fun :) --- .github/workflows/digger_workflow_dev.yml | 40 +++++ .github/workflows/digger_workflow_prod.yml | 40 +++++ digger.yml | 12 ++ live/dev/agent/.terraform.lock.hcl | 56 ------- live/dev/agent/terragrunt.hcl | 146 ------------------ live/dev/dns/terragrunt.hcl | 2 + live/dev/frontend-llrt/.terraform.lock.hcl | 56 ------- live/dev/frontend-llrt/terragrunt.hcl | 130 ---------------- live/prod/agent/.terraform.lock.hcl | 59 ++++--- live/prod/agent/terragrunt.hcl | 23 ++- live/prod/dns/terragrunt.hcl | 12 -- live/prod/frontend/.terraform.lock.hcl | 59 ++++--- live/prod/frontend/terragrunt.hcl | 11 +- modules/cloudfront/functions.tf | 8 +- modules/cloudfront/variables.tf | 12 +- .../policy.tf => dynamodb-iam-role/main.tf} | 6 +- modules/dynamodb-iam-role/outputs.tf | 3 + modules/dynamodb-iam-role/variables.tf | 4 + .../versions.tf | 6 +- modules/dynamodb/outputs.tf | 3 - modules/github-asset-downloader/main.tf | 10 ++ modules/github-asset-downloader/outputs.tf | 13 ++ modules/github-asset-downloader/variables.tf | 19 +++ modules/github-asset-downloader/versions.tf | 13 ++ modules/s3-src-upload/main.tf | 10 +- modules/s3-src-upload/variables.tf | 8 +- modules/source-code-archiver/locals.tf | 7 - modules/source-code-archiver/main.tf | 8 - modules/source-code-archiver/outputs.tf | 11 -- modules/source-code-archiver/variables.tf | 24 --- stacks/agent/dynamodb.tf | 25 +-- stacks/agent/lambda.tf | 30 ++-- stacks/agent/locals.tf | 7 +- stacks/agent/main.tf.tpl | 35 ++++- stacks/agent/variables.tf | 15 +- stacks/frontend/cloudfront.tf | 17 +- stacks/frontend/lambda.tf | 12 +- stacks/frontend/locals.tf | 1 + stacks/frontend/main.tf.tpl | 6 +- stacks/frontend/variables.tf | 15 +- todo.md | 4 - 41 files changed, 358 insertions(+), 620 deletions(-) create mode 100644 .github/workflows/digger_workflow_dev.yml create mode 100644 
.github/workflows/digger_workflow_prod.yml create mode 100644 digger.yml delete mode 100644 live/dev/agent/.terraform.lock.hcl delete mode 100644 live/dev/agent/terragrunt.hcl delete mode 100644 live/dev/frontend-llrt/.terraform.lock.hcl delete mode 100644 live/dev/frontend-llrt/terragrunt.hcl rename modules/{dynamodb/policy.tf => dynamodb-iam-role/main.tf} (86%) create mode 100644 modules/dynamodb-iam-role/outputs.tf create mode 100644 modules/dynamodb-iam-role/variables.tf rename modules/{source-code-archiver => dynamodb-iam-role}/versions.tf (50%) create mode 100644 modules/github-asset-downloader/main.tf create mode 100644 modules/github-asset-downloader/outputs.tf create mode 100644 modules/github-asset-downloader/variables.tf create mode 100644 modules/github-asset-downloader/versions.tf delete mode 100644 modules/source-code-archiver/locals.tf delete mode 100644 modules/source-code-archiver/main.tf delete mode 100644 modules/source-code-archiver/outputs.tf delete mode 100644 modules/source-code-archiver/variables.tf delete mode 100644 todo.md diff --git a/.github/workflows/digger_workflow_dev.yml b/.github/workflows/digger_workflow_dev.yml new file mode 100644 index 0000000..83b3cf8 --- /dev/null +++ b/.github/workflows/digger_workflow_dev.yml 
@@ -0,0 +1,40 @@ +name: Digger Workflow + +on: + workflow_dispatch: + inputs: + spec: + required: true + run_name: + required: false + +run-name: "${{inputs.run_name}}" + +jobs: + digger-job: + runs-on: ubuntu-latest + environment: dev + permissions: + contents: write # required to merge PRs + actions: write # required for plan persistence + id-token: write # required for workload-identity-federation + pull-requests: write # required to post PR comments + statuses: write # required to validate combined PR status + + steps: + - uses: actions/checkout@v4 + - name: ${{ fromJSON(github.event.inputs.spec).job_id }} + run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}" + - uses: diggerhq/digger@v0.6.36 + with: + digger-spec: ${{ inputs.spec }} + setup-opentofu: true + opentofu-version: v1.8.1 + setup-terragrunt: true + terragrunt-version: 0.66.4 + setup-aws: true + aws-role-to-assume: arn:aws:iam::891377085136_Admin:role/github-oidc-auth-role + aws-region: eu-central-1 + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/digger_workflow_prod.yml b/.github/workflows/digger_workflow_prod.yml new file mode 100644 index 0000000..528c99e --- /dev/null +++ b/.github/workflows/digger_workflow_prod.yml 
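Review bot: `${{ fromJSON(github.event.inputs.spec).job_id }}` is expanded into the `run:` line at `run: echo "job id ..."`, so a value carried in the `spec` dispatch input reaches the shell as script text rather than as data; the usual fix is `env: JOB_ID: ${{ fromJSON(inputs.spec).job_id }}` on the step and `run: echo "job id $JOB_ID"`. Triggering `workflow_dispatch` normally needs write access to the repository (or the Digger orchestrator's app token), which bounds the exposure, but this job carries `contents: write` and an AWS role, so the interpolation is worth closing. Separately, `aws-role-to-assume: arn:aws:iam::891377085136_Admin:role/github-oidc-auth-role` is not a well-formed role ARN: the account field must be exactly 12 digits and `_Admin` looks like a local profile suffix, so the assume-role step should fail until it reads `arn:aws:iam::891377085136:role/github-oidc-auth-role`. `actions/checkout@v4` and `diggerhq/digger@v0.6.36` are mutable tag references for a job that can run `apply`; pinning both to commit SHAs is the stronger supply-chain posture.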
@@ -0,0 +1,40 @@ +name: Digger Workflow + +on: + workflow_dispatch: + inputs: + spec: + required: true + run_name: + required: false + +run-name: "${{inputs.run_name}}" + +jobs: + digger-job: + runs-on: ubuntu-latest + environment: prod + permissions: + contents: write # required to merge PRs + actions: write # required for plan persistence + id-token: write # required for workload-identity-federation + pull-requests: write # required to post PR comments + statuses: write # required to validate combined PR status + + steps: + - uses: actions/checkout@v4 + - name: ${{ fromJSON(github.event.inputs.spec).job_id }} + run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}" + - uses: diggerhq/digger@v0.6.36 + with: + digger-spec: ${{ inputs.spec }} + setup-opentofu: true + opentofu-version: v1.8.1 + setup-terragrunt: true + terragrunt-version: 0.66.4 + setup-aws: true + aws-role-to-assume: arn:aws:iam::730335356331_Admin:role/github-oidc-auth-role + aws-region: eu-central-1 + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/digger.yml b/digger.yml new file mode 100644 index 0000000..2cc00ef --- /dev/null +++ b/digger.yml @@ -0,0 +1,12 @@ +generate_projects: + blocks: + - block_name: prod + terragrunt: true + root_dir: "live/prod/" + workflow: default + workflow_file: digger_workflow_prod.yml + - block_name: dev + terragrunt: true + root_dir: "live/dev/" + workflow: default + workflow_file: digger_workflow_dev.yml diff --git a/live/dev/agent/.terraform.lock.hcl b/live/dev/agent/.terraform.lock.hcl deleted file mode 100644 index 4f15286..0000000 --- a/live/dev/agent/.terraform.lock.hcl +++ /dev/null 
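Review bot: `aws-role-to-assume: arn:aws:iam::730335356331_Admin:role/github-oidc-auth-role` has `_Admin` inside the account-ID field, which must be exactly 12 digits; the dev workflow has the same defect, and the prod value should read `arn:aws:iam::730335356331:role/github-oidc-auth-role`. `environment: prod` only gates this run if the prod environment has required reviewers or branch restrictions configured, and the role's trust policy (not in this diff) only stops the dev workflow from assuming the prod role if its `token.actions.githubusercontent.com:sub` condition pins `repo:<org>/<repo>:environment:prod` rather than a bare repository wildcard — worth confirming in both accounts. As in the dev workflow, `job_id` from the `spec` input is interpolated straight into `run:`; route it through `env:` and reference `$JOB_ID` instead. `diggerhq/digger@v0.6.36` runs plan/apply with these credentials and is referenced by mutable tag; pin it to a commit SHA.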
@@ -1,56 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/archive" { - version = "2.5.0" - constraints = "~> 2.0" - hashes = [ - "h1:yKfaZ2J55VStfwgrdXX3ApAnWBZlKvOXHlS0Ucwujfw=", - "zh:0e7c2d37160cab82a9aa9471f82a9b891ace9612de3f65f3a4c4adc11ed79e0e", - "zh:13bfe59219ff933a6f110b7ec7516b6a908317d1c356cd097799d492770a72b0", - "zh:1e0b22c18c5b3b20a6df090e1fa1e3f83e4f71be94a4f4cf48e62618d2d10c6a", - "zh:2898e058ae3e3e678967f928d3d20e4035b0db7543d32f06a4b33e0859ffde90", - "zh:591b2f97ef1ec0f284994dedb33b82b01e07c706d32cba7df7ff249453a6e52f", - "zh:69a49b4e0ef3a6a23c1ea08931b8f287d39ecf9e2706289f8f67c5ad1266817f", - "zh:89463997a628373ecedfdd9129235cd6d5f2d3d6a7ca45b0b13cf64c60e245d4", - "zh:95ab51e9e743fcec8d439a13e9c00550e7ab5424994d06401d7914922aaad690", - "zh:d53f08bf3257f4f54d3aa0e0f427f9bdb41f5836bfe747d0b52176ed0bce28f5", - "zh:dfb3c0c2420290573f21cbab355817daceb3ca7db5e09f575c53022bdcb5e0e5", - ] -} - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.62.0" - constraints = "~> 5.0" - hashes = [ - "h1:DzXMlmL2hRPfACAbN1PUhnLDGY9Kl0vbrt05qSfGsxA=", - "zh:2cb519ce7f3cbcb88b2e93dd3b3424ad85a347fc0e7429661945da5df8a20fda", - "zh:2fc7ed911cceaa1652d1f4090eaa91e8463aba86873910bccf16601260379886", - "zh:395b32d157adeb92571a0efd230c73bbee01744782a50356fb16e8946bd63ffb", - "zh:43303d36af40a568cd40bd54dc9e8430e18c4a4d78682b459dca8c755c717a0c", - "zh:65b2c6e955deeeffb9d9cd4ed97e8c532a453ba690d0e3d88c740f9036bccc4d", - "zh:a9d09dc9daf33b16894ed7d192ceb4c402261da58cded503a3ffa1dd2373e3fb", - "zh:c5e9f8bc4397c2075b6dc62458be51b93322517affd760c161633d56b0b9a334", - "zh:db0921c091402179edd549f8aa4f12dce18aab09d4302e800c67d6ec6ff88a86", - "zh:e7d13f9c0891446d03c29e4fcd60de633f71bbf1bc9786fca47a0ee356ac979a", - "zh:f128a725dbdbd31b9ed8ea478782152339c9fab4d635485763c8da2a477fe3f6", - ] -} - -provider "registry.opentofu.org/hashicorp/random" { - version = 
"3.6.2" - constraints = "~> 3.0" - hashes = [ - "h1:PXvoOj9gj+Or+9k0tQWCQJKxnsVO0GqnQwVahgwRrsU=", - "zh:1f27612f7099441526d8af59f5b4bdcc35f46915df5d243043d7337ea5a3e38a", - "zh:2a58e66502825db8b4b96116c04bd0323bca1cf1f5752bdd8f9c26feb84d3b1e", - "zh:4f0a4fa479e29de0c3c90146fd58799c097f7a55401cb00560dd4e9b1e6fad9d", - "zh:9c93c0fe6ef685513734527e0c8078636b2cc07591427502a7260f4744b1af1d", - "zh:a466ff5219beb77fb3b18a3d7e7fe30e7edd4d95c8e5c87f4f4e3fe3eeb8c2d7", - "zh:ab33e6176d0c757ddb31e40e01a941e6918ad10f7a786c8e8e4f35e5cff81c96", - "zh:b6eabf377a1c12cb3f9ddd97aacdd5b49c1646dc959074124f81d40fcd216d7e", - "zh:ccec5d03d0d1c0f354be299cdd6a417b2700f1a6781df36bcce77246b2f57e50", - "zh:d2a7945eeb691fdd2b1474da76ddc2d1655e2aedbb14b57f06d4f5123d47adf9", - "zh:ed62351f4ad9d1469c6798b77dee5f63b18b29c473620a0046ba3d4f111b621d", - ] -} diff --git a/live/dev/agent/terragrunt.hcl b/live/dev/agent/terragrunt.hcl deleted file mode 100644 index 6690c7c..0000000 --- a/live/dev/agent/terragrunt.hcl +++ /dev/null 
@@ -1,146 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "${path_relative_from_include()}/../..//stacks/agent" -} - -dependency "dns" { - config_path = "../dns" -} - -locals { - aws_profile = include.root.locals.aws_profile - aws_regions = include.root.locals.aws_regions - environment = include.root.locals.environment - domain_name = include.root.locals.domain_name - - domain_name_cloudfront = "api.${local.domain_name}" - domain_name_api_gateway = "gateway.${local.domain_name_cloudfront}" - - cloudfront_default_cache_behavior = { - cache_policy = { - min_ttl = 3600 // 1 hour - default_ttl = 86400 // 1 day - max_ttl = 259200 // 3 days - } - } - - cloudfront_ordered_cache_behaviors = [ - { - path_pattern = "/healthz" - cache_policy = { - min_ttl = 5 // 5 seconds - default_ttl = 5 // 5 seconds - max_ttl = 5 // 5 seconds - } - }, - { - path_pattern = "/versionz" - cache_policy = { - min_ttl = 60 // 1 minute - default_ttl = 60 // 1 minute - max_ttl = 60 // 1 minute - } - }, - { - path_pattern = "/suggestions" - allowed_methods = ["GET", "HEAD", "OPTIONS", "DELETE", "POST", "PUT", "PATCH"] - cached_methods = ["GET", "HEAD"] - cache_policy = { - min_ttl = 3600 // 1 hour - default_ttl = 86400 // 1 day - max_ttl = 259200 // 3 days - } - }, - { - path_pattern = "/search" - allowed_methods = ["GET", "HEAD", "OPTIONS", "DELETE", "POST", "PUT", "PATCH"] - cached_methods = ["GET", "HEAD"] - cache_policy = { - min_ttl = 3600 // 1 hour - default_ttl = 86400 // 1 day - max_ttl = 259200 // 3 days - } - }, - { - path_pattern = "/proxy" - allowed_methods = ["GET", "HEAD", "OPTIONS", "DELETE", "POST", "PUT", "PATCH"] - cached_methods = ["GET", "HEAD"] - cache_policy = { - min_ttl = 86400 // 1 day - default_ttl = 1296000 // 15 days - max_ttl = 2592000 // 30 days - } - }, - { - path_pattern = "/exchange" - allowed_methods = ["GET", "HEAD", "OPTIONS", "DELETE", "POST", "PUT", "PATCH"] - cached_methods = ["GET", "HEAD"] - 
cache_policy = { - min_ttl = 3600 // 1 hour - default_ttl = 86400 // 1 day - max_ttl = 259200 // 3 days - } - }, - { - path_pattern = "/currencies" - cache_policy = { - min_ttl = 3600 // 1 hour - default_ttl = 86400 // 1 day - max_ttl = 259200 // 3 days - } - } - ] - - apigateway_routes = [for behavior in local.cloudfront_ordered_cache_behaviors : behavior.path_pattern] - - lambda_environment = { - "HEARCHCO_SERVER_FRONTENDURLS" = "http://localhost:5173,https://*${local.domain_name}" - } -} - -generate "main" { - path = "main.tf" - if_exists = "overwrite_terragrunt" - contents = < cf_function + : cf_function.name => cf_function.content }, { for cf_function_name, cf_functions in { @@ -11,12 +11,12 @@ resource "aws_cloudfront_function" "cf_functions" { : cache_behavior.function_associations ]) : cf_function.name => cf_function... - } : cf_function_name => cf_functions[0] + } : cf_function_name => cf_functions[0].content } ) - name = each.value.name + name = each.key runtime = "cloudfront-js-2.0" publish = true - code = file(each.value.src_file_path) + code = each.value } diff --git a/modules/cloudfront/variables.tf b/modules/cloudfront/variables.tf index 1e80732..740509e 100644 --- a/modules/cloudfront/variables.tf +++ b/modules/cloudfront/variables.tf @@ -116,9 +116,9 @@ variable "default_cache_behavior" { }) function_associations = optional(set(object({ - name = string - src_file_path = string - event_type = optional(string, "viewer-request") + name = string + content = string + event_type = optional(string, "viewer-request") })), []) lambda_function_associations = optional(set(object({ @@ -145,9 +145,9 @@ variable "ordered_cache_behaviors" { }) function_associations = optional(set(object({ - name = string - src_file_path = string - event_type = optional(string, "viewer-request") + name = string + content = string + event_type = optional(string, "viewer-request") })), []) lambda_function_associations = optional(set(object({ 
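Review bot: The dedup on the new side keeps `cf_functions[0].content` for each function name, so if two cache behaviors register the same `name` with different `content` the later body is silently dropped and whichever association the `for` expression visits first wins. Now that the function body arrives as a string rather than a file path, a `lifecycle { precondition }` on `aws_cloudfront_function.cf_functions` asserting that all associations sharing a name carry identical content (collect them into a local keyed by name and require `length(distinct(fns[*].content)) == 1` for each group) would turn that into a plan-time error instead of a quietly wrong edge function. The merge expression starts in this file's first hunk, which is cut off above, so only its tail is reviewable here.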
diff --git a/modules/dynamodb/policy.tf b/modules/dynamodb-iam-role/main.tf similarity index 86% rename from modules/dynamodb/policy.tf rename to modules/dynamodb-iam-role/main.tf index 09ad42f..da6cbe1 100644 --- a/modules/dynamodb/policy.tf +++ b/modules/dynamodb-iam-role/main.tf @@ -1,6 +1,4 @@ data "aws_iam_policy_document" "dynamodb_policy_document" { - count = var.lambda_iam_role ? 1 : 0 - statement { effect = "Allow" actions = [ @@ -16,9 +14,7 @@ data "aws_iam_policy_document" "dynamodb_policy_document" { } resource "aws_iam_policy" "dynamodb_policy" { - count = var.lambda_iam_role ? 1 : 0 - name = "${replace(var.name, "-", "_")}_dynamodb_access_policy" description = "Policy to allow Lambda to access DynamoDB" - policy = data.aws_iam_policy_document.dynamodb_policy_document[0].json + policy = data.aws_iam_policy_document.dynamodb_policy_document.json } diff --git a/modules/dynamodb-iam-role/outputs.tf b/modules/dynamodb-iam-role/outputs.tf new file mode 100644 index 0000000..9e69f8d --- /dev/null +++ b/modules/dynamodb-iam-role/outputs.tf @@ -0,0 +1,3 @@ +output "lambda_access_policy_arn" { + value = aws_iam_policy.dynamodb_policy.arn +} diff --git a/modules/dynamodb-iam-role/variables.tf b/modules/dynamodb-iam-role/variables.tf new file mode 100644 index 0000000..3045512 --- /dev/null +++ b/modules/dynamodb-iam-role/variables.tf @@ -0,0 +1,4 @@ +variable "name" { + description = "The name of the DynamoDB table" + type = string +} diff --git a/modules/source-code-archiver/versions.tf b/modules/dynamodb-iam-role/versions.tf similarity index 50% rename from modules/source-code-archiver/versions.tf rename to modules/dynamodb-iam-role/versions.tf index ef8a78c..aa0e9c5 100644 --- a/modules/source-code-archiver/versions.tf +++ b/modules/dynamodb-iam-role/versions.tf 
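Review bot: Moving the policy out of the table module means `aws_iam_policy_document.dynamodb_policy_document` no longer has `aws_dynamodb_table.table.arn` in scope, and its `resources` argument lies below the first hunk's end at `actions = [`; with only `var.name` available, confirm it still scopes to the table ARN — now needed in every deployed region, e.g. `arn:aws:dynamodb:*:<account>:table/${var.name}` plus `/index/*` — and was not widened to `"*"`. Dropping the `count` guards and the `[0]` indexes is consistent with the module always producing one policy, and `aws_iam_policy.name` is account-unique, which matches the single `dynamodb_policy` instance in `stacks/agent/dynamodb.tf`.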
@@ -1,9 +1,9 @@ terraform { required_version = ">= 1.5.0" required_providers { - archive = { - source = "hashicorp/archive" - version = "~> 2.0" + aws = { + source = "hashicorp/aws" + version = "~> 5.0" } } } diff --git a/modules/dynamodb/outputs.tf b/modules/dynamodb/outputs.tf index fdd196a..20b0971 100644 --- a/modules/dynamodb/outputs.tf +++ b/modules/dynamodb/outputs.tf @@ -2,6 +2,3 @@ output "dynamodb_table_name" { value = aws_dynamodb_table.table.name } -output "lambda_access_policy_arn" { - value = var.lambda_iam_role ? aws_iam_policy.dynamodb_policy[0].arn : null -} diff --git a/modules/github-asset-downloader/main.tf b/modules/github-asset-downloader/main.tf new file mode 100644 index 0000000..5f35cee --- /dev/null +++ b/modules/github-asset-downloader/main.tf @@ -0,0 +1,10 @@ +data "github_release" "release" { + repository = var.release_repository + owner = var.release_repository_owner + retrieve_by = "tag" + release_tag = var.release_tag +} + +data "http" "downloader" { + url = [for asset in data.github_release.release.assets : asset.browser_download_url if asset.name == var.release_asset_name][0] +} diff --git a/modules/github-asset-downloader/outputs.tf b/modules/github-asset-downloader/outputs.tf new file mode 100644 index 0000000..ee21b64 --- /dev/null +++ b/modules/github-asset-downloader/outputs.tf @@ -0,0 +1,13 @@ +output "content" { + value = data.http.downloader.response_body + # sensitive = true # Not really sensitive, but we don't want to spam the console +} + +output "content_base64" { + value = data.http.downloader.response_body_base64 + sensitive = true # Not really sensitive, but we don't want to spam the console +} + +output "content_base64sha256" { + value = base64sha256(data.http.downloader.response_body_base64) +} diff --git a/modules/github-asset-downloader/variables.tf b/modules/github-asset-downloader/variables.tf new file mode 100644 index 0000000..02bbaaa --- /dev/null +++ b/modules/github-asset-downloader/variables.tf 
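Review bot: `data.http.downloader` forwards whatever GitHub returns for `browser_download_url` — the hashicorp/http 3.x provider does not fail on non-2xx responses, so a 404 or an HTML error body would be handed on as `content`/`content_base64` and uploaded as the Lambda package or CloudFront function — and nothing compares the asset to an expected digest, so the deployed code is whatever the mutable `release_tag` resolves to at plan time. Add `lifecycle.postcondition`s for the status code and for a pinned digest (declared as `variable "release_asset_sha256" { type = string, default = null }`); because `base64decode` rejects non-UTF-8 data, a byte-level hash of a zip cannot be computed in HCL, so the pin has to be checked against the base64 encoding (`sha256(self.response_body_base64)`) or enforced upstream (e.g. `gh attestation verify` in the release pipeline), while the text `.js` asset can be checked with `sha256(self.response_body)` directly. `[...][0]` on an asset-name miss fails with an opaque index error; `one()` gives a clear message and also rejects ambiguous duplicate matches.

```hcl
data "http" "downloader" {
  # one() fails the plan with a clear message when the asset is missing or ambiguous
  url = one([for asset in data.github_release.release.assets : asset.browser_download_url if asset.name == var.release_asset_name])

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Download of ${var.release_asset_name} returned HTTP ${self.status_code}"
    }
    postcondition {
      # digest of the base64-encoded body, pinned from a trusted source (e.g. terragrunt inputs)
      condition     = var.release_asset_sha256 == null || sha256(self.response_body_base64) == var.release_asset_sha256
      error_message = "Digest of ${var.release_asset_name} does not match release_asset_sha256"
    }
  }
}
```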
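Review bot: `content_base64sha256 = base64sha256(data.http.downloader.response_body_base64)` hashes the base64 *text* of the asset, not its bytes, so it will never equal `filebase64sha256()` of the released zip and cannot be compared with a digest published alongside the release; if it is ever fed to `aws_lambda_function.source_code_hash` (the Lambda module is outside this diff) the two sides would disagree and force a perpetual update. As a change trigger for `aws_s3_object.source_hash` it is adequate, so either rename it to make the semantics explicit or annotate it, e.g. `# sha256 of the base64 text — change detection only, not the artifact digest`.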
@@ -0,0 +1,19 @@ +variable "release_repository" { + description = "The GitHub repository to download the release from" + type = string +} + +variable "release_repository_owner" { + description = "The owner of the GitHub repository" + type = string +} + +variable "release_tag" { + description = "The release tag on the GitHub repository" + type = string +} + +variable "release_asset_name" { + description = "The name of the asset to download from the release" + type = string +} diff --git a/modules/github-asset-downloader/versions.tf b/modules/github-asset-downloader/versions.tf new file mode 100644 index 0000000..0c17102 --- /dev/null +++ b/modules/github-asset-downloader/versions.tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 1.5.0" + required_providers { + github = { + source = "integrations/github" + version = "~> 6.0" + } + http = { + source = "hashicorp/http" + version = "~> 3.0" + } + } +} diff --git a/modules/s3-src-upload/main.tf b/modules/s3-src-upload/main.tf index a3ee2c2..9b5f593 100644 --- a/modules/s3-src-upload/main.tf +++ b/modules/s3-src-upload/main.tf @@ -26,11 +26,11 @@ resource "aws_s3_bucket_versioning" "source_code_versioning" { } resource "aws_s3_object" "source_code_upload" { - key = var.filename - bucket = aws_s3_bucket.source_code.id - source = var.archive_path - source_hash = var.archive_base64sha256 - content_type = "application/zip" + key = var.filename + bucket = aws_s3_bucket.source_code.id + content_base64 = var.content_base64 + source_hash = var.content_base64sha256 + content_type = "application/zip" lifecycle { create_before_destroy = true diff --git a/modules/s3-src-upload/variables.tf b/modules/s3-src-upload/variables.tf index 8d76ce6..35c9704 100644 --- a/modules/s3-src-upload/variables.tf +++ b/modules/s3-src-upload/variables.tf 
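Review bot: `content_base64 = var.content_base64` places the entire Lambda archive in the `aws_s3_object` attributes, so the full base64 payload is persisted in Terraform state and held in memory during every plan; the AWS provider documents `content_base64` as intended for small payloads and recommends `source` for larger objects. If the release zips are more than a few hundred KB, consider fetching the asset to disk in the workflow before the Digger step (or otherwise producing a file path) and keeping `source`/`source_hash`, so state stays small and plan output never carries the artifact. `source_hash` is only a change trigger, so the hash-of-base64 value passed in is acceptable for that purpose.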
@@ -20,12 +20,12 @@ variable "filename" { } } -variable "archive_path" { - description = "The path to the archive file to upload" +variable "content_base64" { + description = "The base64-encoded content of the source code archive file" type = string } -variable "archive_base64sha256" { - description = "The base64-encoded SHA256 hash of the archive file" +variable "content_base64sha256" { + description = "The base64-encoded SHA256 hash of the source code archive file" type = string } diff --git a/modules/source-code-archiver/locals.tf b/modules/source-code-archiver/locals.tf deleted file mode 100644 index 3fa0436..0000000 --- a/modules/source-code-archiver/locals.tf +++ /dev/null @@ -1,7 +0,0 @@ -locals { - # Ensure the output filepath ends with ".zip" - output_filepath = var.output_filepath != null && var.output_filepath != "" ? can(regex(".*\\.zip$", var.output_filepath)) ? var.output_filepath : "${var.output_filepath}.zip" : null - - # Extract the output filename ending with ".zip" from the output filepath, e.g. "path/to/file.zip" -> "file.zip" and "file.zip" -> "file.zip" - output_filename = local.output_filepath != null ? regex("(?:[^/]+/)*(.+[.]zip)$", local.output_filepath)[0] : null -} diff --git a/modules/source-code-archiver/main.tf b/modules/source-code-archiver/main.tf deleted file mode 100644 index 868f95d..0000000 --- a/modules/source-code-archiver/main.tf +++ /dev/null @@ -1,8 +0,0 @@ -data "archive_file" "source_code" { - type = "zip" - source_dir = var.source_code.source_dir - source_file = var.source_code.source_file - source_content = var.source_code.content - source_content_filename = var.source_code.content_filename - output_path = local.output_filepath -} diff --git a/modules/source-code-archiver/outputs.tf b/modules/source-code-archiver/outputs.tf deleted file mode 100644 index b1c83be..0000000 --- a/modules/source-code-archiver/outputs.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -output "filename" { - value = local.output_filename -} - -output "output_path" { - value = data.archive_file.source_code.output_path -} - -output "output_base64sha256" { - value = data.archive_file.source_code.output_base64sha256 -} diff --git a/modules/source-code-archiver/variables.tf b/modules/source-code-archiver/variables.tf deleted file mode 100644 index 4d22269..0000000 --- a/modules/source-code-archiver/variables.tf +++ /dev/null @@ -1,24 +0,0 @@ -variable "source_code" { - description = "Source of the file to archive, either read from provided filepath or using content" - type = object({ - source_dir = optional(string) - source_file = optional(string) - content = optional(string) - content_filename = optional(string) - }) - - validation { - condition = ( - (var.source_code.source_dir != null && var.source_code.source_file == null && var.source_code.content == null && var.source_code.content_filename == null) || - (var.source_code.source_dir == null && var.source_code.source_file != null && var.source_code.content == null && var.source_code.content_filename == null) || - (var.source_code.source_dir == null && var.source_code.source_file == null && var.source_code.content != null && var.source_code.content_filename != null) - ) - error_message = "Only one of source_dir, source_file or content (with content_filename) must be provided" - } -} - -variable "output_filepath" { - description = "The path to save the archive file to" - type = string - default = "archive.zip" -} diff --git a/stacks/agent/dynamodb.tf b/stacks/agent/dynamodb.tf index 602d43e..6f00936 100644 --- a/stacks/agent/dynamodb.tf +++ b/stacks/agent/dynamodb.tf 
@@ -1,24 +1,5 @@ -module "cache_database" { - source = "../../modules/dynamodb" +module "dynamodb_policy" { + source = "../../modules/dynamodb-iam-role" - name = var.dynamodb_name - replicas = local.dynamodb_replicas - - attributes = [ - { - name = "Key" - type = "S" - hash_key = true - } - # This value is used in the application but not indexed in the database - # Error: all attributes must be indexed. Unused attributes: ["Value"] - # { - # name = "Value" - # type = "S" - # } - ] - - ttl = { - enabled = true - } + name = var.dynamodb_name } diff --git a/stacks/agent/lambda.tf b/stacks/agent/lambda.tf index 514a9d8..3dfa4c4 100644 --- a/stacks/agent/lambda.tf +++ b/stacks/agent/lambda.tf @@ -1,18 +1,10 @@ -module "image_proxy_secret_key" { - source = "../../modules/secret-generator" - - min_chars = 44 - max_chars = 48 - special = false -} - -module "src_archiver" { - source = "../../modules/source-code-archiver" +module "src_downloader" { + source = "../../modules/github-asset-downloader" - source_code = { - source_file = var.lambda_source_file - } - output_filepath = var.lambda_source_file + release_repository = "agent" + release_repository_owner = "hearchco" + release_tag = var.release_tag + release_asset_name = "hearchco_bootstrap_aws_${var.lambda_architecture == "arm64" ? "arm64" : "amd64"}.zip" } module "lambda_iam" { @@ -21,5 +13,13 @@ module "lambda_iam" { role_name = local.lambda_iam_role_name policy_name = local.lambda_iam_policy_name dynamodb_policy = true - dynamodb_policy_arn = module.cache_database.lambda_access_policy_arn + dynamodb_policy_arn = module.dynamodb_policy.lambda_access_policy_arn +} + +module "image_proxy_secret_key" { + source = "../../modules/secret-generator" + + min_chars = 44 + max_chars = 48 + special = false } diff --git a/stacks/agent/locals.tf b/stacks/agent/locals.tf index e340c02..9d3c7f9 100644 --- a/stacks/agent/locals.tf +++ b/stacks/agent/locals.tf 
@@ -3,6 +3,7 @@ data "aws_region" "current" {} locals { api_gateway_origin_id = "api-gateway-lambda" + lambda_src_key = "bootstrap.zip" lambda_iam_role_name = "${var.lambda_name}-iam-role" lambda_iam_policy_name = "${var.lambda_name}-iam-policy" @@ -10,14 +11,8 @@ locals { { "HEARCHCO_SERVER_ENVIRONMENT" = "lambda" "HEARCHCO_SERVER_CACHE_TYPE" = "dynamodb" - "HEARCHCO_SERVER_CACHE_DYNAMODB_TABLE" = module.cache_database.dynamodb_table_name "HEARCHCO_SERVER_IMAGEPROXY_SECRETKEY" = module.image_proxy_secret_key.string }, var.lambda_environment ) - - dynamodb_replicas = setsubtract( - var.aws_regions, - [data.aws_region.current.name] - ) } diff --git a/stacks/agent/main.tf.tpl b/stacks/agent/main.tf.tpl index f9e1828..2f9da64 100644 --- a/stacks/agent/main.tf.tpl +++ b/stacks/agent/main.tf.tpl @@ -18,9 +18,9 @@ module "s3_src_${region_underscored}" { bucket_name = var.lambda_src_bucket_name bucket_name_suffix = module.s3_bucket_name_suffix_${region_underscored}.string - filename = module.src_archiver.filename - archive_path = module.src_archiver.output_path - archive_base64sha256 = module.src_archiver.output_base64sha256 + filename = local.lambda_src_key + content_base64 = module.src_downloader.content_base64 + content_base64sha256 = module.src_downloader.content_base64sha256 providers = { aws = aws.${region_underscored} @@ -46,6 +46,7 @@ module "lambda_${region_underscored}" { environment = merge( { "HEARCHCO_SERVER_CACHE_DYNAMODB_REGION" = "${region_dashed}" + "HEARCHCO_SERVER_CACHE_DYNAMODB_TABLE" = module.dynamodb_${region_underscored}.dynamodb_table_name }, local.lambda_environment ) 
@@ -84,3 +85,31 @@ module "apigateway_${region_underscored}" { aws = aws.${region_underscored} } } + +module "dynamodb_${region_underscored}" { + source = "../../modules/dynamodb" + + name = var.dynamodb_name + + attributes = [ + { + name = "Key" + type = "S" + hash_key = true + } + # This value is used in the application but not indexed in the database + # Error: all attributes must be indexed. Unused attributes: ["Value"] + # { + # name = "Value" + # type = "S" + # } + ] + + ttl = { + enabled = true + } + + providers = { + aws = aws.${region_underscored} + } +} diff --git a/stacks/agent/variables.tf b/stacks/agent/variables.tf index 537beb2..0c9f136 100644 --- a/stacks/agent/variables.tf +++ b/stacks/agent/variables.tf @@ -3,16 +3,16 @@ variable "aws_profile" { type = string } -variable "aws_regions" { - description = "The regions to deploy the stack to (used only for DynamoDB global tables)" - type = set(string) -} - variable "hosted_zone_id" { description = "The ID of the hosted zone for the domain name" type = string } +variable "release_tag" { + description = "The release tag to download & deploy" + type = string +} + ###### Cloudfront variables ##### variable "cloudfront_name" { description = "The name of the CloudFront distribution" @@ -75,11 +75,6 @@ variable "apigateway_routes" { } ##### Lambda variables ##### -variable "lambda_source_file" { - description = "The path to the source code file" - type = string -} - variable "lambda_src_bucket_name" { description = "The name of the bucket to upload the source code to" type = string diff --git a/stacks/frontend/cloudfront.tf b/stacks/frontend/cloudfront.tf index 5bfdeab..7f53474 100644 --- a/stacks/frontend/cloudfront.tf +++ b/stacks/frontend/cloudfront.tf 
@@ -1,3 +1,12 @@ +module "cdn_src_downloader" { + source = "../../modules/github-asset-downloader" + + release_repository = "frontend" + release_repository_owner = "hearchco" + release_tag = var.release_tag + release_asset_name = "hearchco_cf_index_aws.js" +} + module "cdn_certificate" { source = "../../modules/acm-certificate" @@ -42,8 +51,8 @@ module "cdn" { cache_policy = var.cloudfront_default_cache_behavior.cache_policy function_associations = [{ - name = "sveltekit-rewriter" - src_file_path = var.cloudfront_cf_function_path + name = "sveltekit-rewriter" + content = module.cdn_src_downloader.content }] } @@ -66,8 +75,8 @@ module "cdn" { cache_policy = behavior.cache_policy function_associations = [{ - name = "sveltekit-rewriter" - src_file_path = var.cloudfront_cf_function_path + name = "sveltekit-rewriter" + content = module.cdn_src_downloader.content }] } ] diff --git a/stacks/frontend/lambda.tf b/stacks/frontend/lambda.tf index 96f8dfd..914a411 100644 --- a/stacks/frontend/lambda.tf +++ b/stacks/frontend/lambda.tf @@ -1,10 +1,10 @@ -module "src_archiver" { - source = "../../modules/source-code-archiver" +module "src_downloader" { + source = "../../modules/github-asset-downloader" - source_code = { - source_file = var.lambda_source_file - } - output_filepath = var.lambda_source_file + release_repository = "frontend" + release_repository_owner = "hearchco" + release_tag = var.release_tag + release_asset_name = "hearchco_index_mjs_aws.zip" } module "lambda_iam" { diff --git a/stacks/frontend/locals.tf b/stacks/frontend/locals.tf index 5bfbf25..3e499cc 100644 --- a/stacks/frontend/locals.tf +++ b/stacks/frontend/locals.tf @@ -2,6 +2,7 @@ locals { s3_static_assets_origin_id = "s3-static-assets" api_gateway_origin_id = "api-gateway-lambda" + lambda_src_key = "index.mjs.zip" lambda_iam_role_name = "${var.lambda_name}-iam-role" lambda_iam_policy_name = "${var.lambda_name}-iam-policy" 
diff --git a/stacks/frontend/main.tf.tpl b/stacks/frontend/main.tf.tpl index 6325542..d7fdccc 100644 --- a/stacks/frontend/main.tf.tpl +++ b/stacks/frontend/main.tf.tpl @@ -18,9 +18,9 @@ module "s3_src_${region_underscored}" { bucket_name = var.lambda_src_bucket_name bucket_name_suffix = module.s3_bucket_name_suffix_${region_underscored}.string - filename = module.src_archiver.filename - archive_path = module.src_archiver.output_path - archive_base64sha256 = module.src_archiver.output_base64sha256 + filename = local.lambda_src_key + content_base64 = module.src_downloader.content_base64 + content_base64sha256 = module.src_downloader.content_base64sha256 providers = { aws = aws.${region_underscored} diff --git a/stacks/frontend/variables.tf b/stacks/frontend/variables.tf index 4ea6818..2c61c75 100644 --- a/stacks/frontend/variables.tf +++ b/stacks/frontend/variables.tf @@ -8,6 +8,11 @@ variable "hosted_zone_id" { type = string } +variable "release_tag" { + description = "The release tag to download & deploy" + type = string +} + ##### Cloudfront variables ##### variable "cloudfront_name" { description = "The name of the CloudFront distribution" @@ -24,11 +29,6 @@ variable "cloudfront_price_class" { type = string } -variable "cloudfront_cf_function_path" { - description = "The path to the CloudFront function source code" - type = string -} - variable "cloudfront_default_cache_behavior" { description = "The default cache behavior of the CloudFront distribution" type = object({ @@ -89,11 +89,6 @@ variable "apigateway_routes" { } ##### Lambda variables ##### -variable "lambda_source_file" { - description = "The path to the source code file" - type = string -} - variable "lambda_src_bucket_name" { description = "The name of the bucket to upload the source code to" type = string diff --git a/todo.md b/todo.md deleted file mode 100644 index b3b6db6..0000000 --- a/todo.md +++ /dev/null 
@@ -1,4 +0,0 @@ -- [ ] agent: switch to github release binary provider instead of local file -- [ ] frontend: publish build in github release https://github.com/Shopify/upload-to-release, and ^^ -- [ ] ci/cd: digger for both frontend and agent -- [ ] ci/cd: github dispatches to trigger digger