Merge pull request #1207 from nsbno/migrate-to-common-services

Migrate to common-services
nsbno · Sep 6, 2024 · 11e6aac · 11e6aac
2 parents 98a3543 + 33cdfd7
commit 11e6aac
Show file tree

Hide file tree

Showing 12 changed files with 232 additions and 275 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,28 +1,33 @@
 version: 2.1
+orbs:
+  deployment: vydev/[email protected]
+  terraform: circleci/[email protected]
+  aws-ecr: circleci/[email protected]
+  aws-cli: circleci/[email protected]
+
 parameters:
   ecr_repo_name:
     type: string
-    default: "digitalekanaler-spor"
+    default: "spor"
   ecr_endpoint:
     type: string
-    default: "635004941268.dkr.ecr.eu-west-1.amazonaws.com"
+    default: "637423315721.dkr.ecr.eu-west-1.amazonaws.com"
+  pipeline_name:
+    type: string
+    default: "spor-delivery-pipeline"
+  terraform_version:
+    type: string
+    default: "1.8.4"
+  terraform_artifact_name:
+    type: string
+    default: "spor-tf"
 
 jobs:
-  validate-terraform:
-    docker:
-      - image: vydev/terraform:1.0.8
-    steps:
-      - checkout:
-          path: ~/repo
-      - run:
-          name: Validate terraform code
-          command: |
-            printf "Validating terraform code\n"
-            cd ~/repo/apps/docs/terraform/prod
-            terraform init -backend=false && terraform validate
-
-  build-docker:
+  build-and-push-docker:
     parameters:
+      tags:
+        type: string
+        default: "${CIRCLE_SHA1:0:7}"
       ecr_repo_name:
         type: string
         description: "The name of the ECR repository to push Docker images to"
@@ -39,7 +44,6 @@ jobs:
     steps:
       - setup_remote_docker:
           version: docker24
-          docker_layer_caching: true
       - checkout:
           path: ../../
       - run:
@@ -52,26 +56,66 @@ jobs:
             fi
             aws ecr get-login-password --region eu-west-1 \
               | docker login --username AWS --password-stdin "$ECR_ENDPOINT"
-            SHORT_SHA1=`echo ${CIRCLE_SHA1}|cut -c1-7`
             docker build -t ${ECR_ENDPOINT}/<< parameters.ecr_repo_name >> -f Dockerfile .
-            docker tag ${ECR_ENDPOINT}/<< parameters.ecr_repo_name >> "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:commit-${SHORT_SHA1}"
-            docker push "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:commit-${SHORT_SHA1}"
             docker tag ${ECR_ENDPOINT}/<< parameters.ecr_repo_name >> "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:latest"
             docker push "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:latest"
+            docker tag ${ECR_ENDPOINT}/<< parameters.ecr_repo_name >> "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:commit-${CIRCLE_SHA1:0:7}"
+            docker push "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:commit-${CIRCLE_SHA1:0:7}"
+            docker tag ${ECR_ENDPOINT}/<< parameters.ecr_repo_name >> "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:<< pipeline.git.branch >>-branch"
+            docker push "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:<< pipeline.git.branch >>-branch"
+            docker tag ${ECR_ENDPOINT}/<< parameters.ecr_repo_name >> "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:${CIRCLE_SHA1:0:7}"
+            docker push "${ECR_ENDPOINT}/<< parameters.ecr_repo_name >>:${CIRCLE_SHA1:0:7}"
 
+  upload-terraform-artifacts:
+    docker:
+      - image: cimg/base:stable
+    steps:
+      - checkout
+      - deployment/zip-and-upload-artifact:
+          application-name: << pipeline.parameters.terraform_artifact_name >>
+          source-directory: ./apps/docs/
+          source: terraform
 
 workflows:
   version: 2
   build:
     jobs:
-      - validate-terraform
-      - build-docker:
-          context: omnikanal
+      - terraform/validate:
+          tag: << pipeline.parameters.terraform_version >>
+          checkout: true
+          backend: false
+          matrix:
+            parameters:
+              path:
+                - apps/docs/terraform/service
+                - apps/docs/terraform/prod
+
+      - build-and-push-docker:
+          context: digital-common-services
           ecr_repo_name: << pipeline.parameters.ecr_repo_name >>
           ecr_endpoint: << pipeline.parameters.ecr_endpoint >>
           requires:
-            - validate-terraform
+            - terraform/validate
           filters:
             branches:
               only:
                 - main
+
+      - upload-terraform-artifacts:
+          context:
+            - digital-common-services
+          requires:
+            - build-and-push-docker
+          filters:
+            branches:
+              only: main
+
+      - deployment/trigger-deployment:
+          context:
+            - digital-common-services
+          requires:
+            - upload-terraform-artifacts
+            - build-and-push-docker
+          filters:
+            branches:
+              only: main
diff --git a/.deployment/config.yaml b/.deployment/config.yaml
@@ -0,0 +1,16 @@
+artifacts:
+  - name: spor-tf
+    branch: migrate-to-common-services
+    location: s3
+  - name: spor
+    branch: migrate-to-common-services
+    location: ecr
+
+steps:
+  - terraform:
+      artifact: spor-tf
+      version: 1.8.4
+
+environments:
+  - [service]
+  - [prod]
diff --git a/apps/docs/Dockerfile b/apps/docs/Dockerfile
@@ -1,5 +1,5 @@
 # base node image
-FROM node:20-alpine as base
+FROM node:20-alpine AS base
 
 # set for base and all that inherit from it
 ENV NODE_ENV=production
@@ -16,7 +16,7 @@ ADD package.json ./
 RUN npm install --production=false
 
 # Setup production node_modules
-FROM base as production-deps
+FROM base AS production-deps
 
 RUN mkdir /app
 WORKDIR /app
@@ -28,7 +28,7 @@ ADD package.json ./
 RUN npm prune --omit=dev
 
 # Build the app
-FROM base as build
+FROM base AS build
 
 RUN mkdir /app
 WORKDIR /app
@@ -39,7 +39,7 @@ ADD . .
 RUN npm run build
 
 # Finally, build the production image with minimal footprint
-FROM base as final
+FROM base AS final
 
 ENV NODE_ENV=production
 
@@ -57,5 +57,4 @@ COPY --from=build /app/build/server /app/build/server
 COPY --from=build /app/build/client /app/build/client
 ADD . .
 
-ENTRYPOINT ["./entrypoint.sh"]
 CMD ["npm", "run", "start"]
diff --git a/apps/docs/entrypoint.sh b/apps/docs/entrypoint.sh
diff --git a/apps/docs/terraform/prod/.envrc b/apps/docs/terraform/prod/.envrc
@@ -1,2 +1,2 @@
-export AWS_PROFILE=omni-admin
+export AWS_PROFILE=common-prod-admin
 export AWS_REGION=eu-west-1
diff --git a/apps/docs/terraform/prod/.terraform.lock.hcl b/apps/docs/terraform/prod/.terraform.lock.hcl
diff --git a/apps/docs/terraform/prod/main.tf b/apps/docs/terraform/prod/main.tf
@@ -1,42 +1,50 @@
 terraform {
-  required_version = "1.0.8"
+  required_version = "1.8.4"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.65.0"
+      version = "5.54.1"
+    }
+    vy = {
+      source  = "nsbno/vy"
+      version = "0.4.0"
     }
   }
 
   backend "s3" {
-    key            = "spor/prod/main.tfstate"
-    bucket         = "635004941268-terraform-state"
-    dynamodb_table = "635004941268-terraform-state"
+    key            = "spor/main.tfstate"
+    bucket         = "471112960535-terraform-state"
+    dynamodb_table = "471112960535-terraform-state"
     acl            = "bucket-owner-full-control"
     encrypt        = "true"
-    kms_key_id     = "arn:aws:kms:eu-central-1:635004941268:alias/635004941268-terraform-state-encryption-key"
-    region         = "eu-central-1"
+    region         = "eu-west-1"
   }
 }
 
 provider "aws" {
-  region              = "eu-west-1"
-  allowed_account_ids = ["635004941268"]
+  allowed_account_ids = ["471112960535"]
+  default_tags {
+    tags = {
+      repo        = local.application_name
+      application = local.application_name
+      terraform   = true
+    }
+  }
+  region = "eu-west-1"
+}
+
+provider "vy" {
+  environment = local.environment
 }
 
 locals {
-  name_prefix      = "digitalekanaler"
   application_name = "spor"
+  environment      = "prod"
 }
 
 module "app" {
   source           = "../template"
-  name_prefix      = local.name_prefix
   application_name = local.application_name
-
-  tags = {
-    environment = "prod"
-    application = local.application_name
-    terraform   = "True"
-  }
+  environment      = local.environment
 }
diff --git a/apps/docs/terraform/service/.envrc b/apps/docs/terraform/service/.envrc
@@ -0,0 +1,2 @@
+export AWS_PROFILE=common-service-admin
+export AWS_REGION=eu-west-1
diff --git a/apps/docs/terraform/service/.terraform.lock.hcl b/apps/docs/terraform/service/.terraform.lock.hcl
diff --git a/apps/docs/terraform/service/main.tf b/apps/docs/terraform/service/main.tf
@@ -0,0 +1,23 @@
+terraform {
+  backend "s3" {
+    key            = "spor/terraform.tfstate"
+    bucket         = "637423315721-terraform-state"
+    dynamodb_table = "637423315721-terraform-state"
+    acl            = "bucket-owner-full-control"
+    encrypt        = "true"
+    region         = "eu-west-1"
+  }
+}
+
+locals {
+  ecr_repository_name = "spor"
+  service_account     = "637423315721"
+  prod_account        = "471112960535"
+}
+
+module "ecr" {
+  source              = "github.com/nsbno/terraform-aws-ecr?ref=1.4.1"
+  name_prefix         = local.ecr_repository_name
+  trusted_accounts    = [local.prod_account, local.service_account]
+  max_images_retained = 10
+}