Merge pull request #15 from aws-educate-tw/SCRUM-22-Build-a-CI-CD-pip…

…eline-to-ensure-continuous-delivery [TEST] Scrum 22 build a ci cd pipeline to ensure continuous delivery
aws-educate-tw · Jun 10, 2024 · 0cc053d · 0cc053d
2 parents 51a4cc5 + aa57e56
commit 0cc053d
Show file tree

Hide file tree

Showing 14 changed files with 150 additions and 88 deletions.
diff --git a/.github/workflows/slack_notification.yaml b/.github/workflows/slack_notification.yaml
@@ -0,0 +1,26 @@
+name: Slack Deployment Notification
+
+on:
+  workflow_run:
+    workflows:
+      - "Terraform Infrastructure Change Management Pipeline with GitHub Actions"
+    types:
+      - completed
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    if: >
+      github.event.workflow_run.conclusion == 'success' ||
+      github.event.workflow_run.conclusion == 'failure'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Slack Notification
+        uses: 8398a7/action-slack@v3
+        with:
+          status: ${{ github.event.workflow_run.conclusion }}
+          fields: repo,message,commit,author
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
@@ -24,6 +24,11 @@ env:
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   # S3 bucket for the Terraform state
 
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
 jobs:
   terraform:
     name: "Terraform Infrastructure Change Management"
@@ -83,6 +88,7 @@ jobs:
       - uses: actions/github-script@v6
         if: github.event_name == 'pull_request'
         env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
         with:
           script: |
@@ -98,6 +104,7 @@ jobs:
             \`\`\`
 
             </details>
+
             *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
 
             github.rest.issues.createComment({

diff --git a/terraform/dev/.terraform.lock.hcl b/terraform/dev/.terraform.lock.hcl
diff --git a/terraform/dev/backend_setting/s3.tf b/terraform/dev/backend_setting/s3.tf
@@ -1,5 +1,5 @@
 resource "aws_s3_bucket" "state" {
-  bucket_prefix = "dev-terraform-state-"
+  bucket_prefix = "terraform-state-"
 
   tags = {
     Terraform = "true"

diff --git a/terraform/dev/cloudfront.tf b/terraform/dev/cloudfront.tf
@@ -1,30 +1,21 @@
-resource "aws_cloudfront_distribution" "api_distribution" {
-  enabled             = true
-  is_ipv6_enabled     = true
-  comment             = "CloudFront distribution for multiple API Gateways"
-  default_root_object = ""
+module "cloudfront" {
+  source  = "terraform-aws-modules/cloudfront/aws"
+  version = "3.4.0"
 
   aliases = [var.domain_name]
 
-  viewer_certificate {
-    acm_certificate_arn      = var.acm_certificate_arn
-    ssl_support_method       = "sni-only"
-    minimum_protocol_version = "TLSv1.2_2021"
-  }
-
-  restrictions {
-    geo_restriction {
-      restriction_type = "none"
-    }
-  }
+  comment             = "CloudFront distribution for multiple API Gateways"
+  enabled             = true
+  is_ipv6_enabled     = true
+  price_class         = "PriceClass_All"
+  retain_on_delete    = false
+  wait_for_deployment = false
 
-  dynamic "origin" {
-    for_each = var.api_gateway_origins
-    content {
-      domain_name = origin.value.domain_name
-      origin_id   = origin.value.domain_name
 
-      custom_origin_config {
+  origin = {
+    for o in var.api_gateway_origins : o.domain_name => {
+      domain_name = o.domain_name
+      custom_origin_config = {
         http_port              = 80
         https_port             = 443
         origin_protocol_policy = "https-only"
@@ -33,56 +24,32 @@ resource "aws_cloudfront_distribution" "api_distribution" {
     }
   }
 
-  dynamic "cache_behavior" {
-    for_each = var.api_gateway_origins
-    content {
-      path_pattern           = cache_behavior.value.path_pattern
-      target_origin_id       = cache_behavior.value.domain_name
-      viewer_protocol_policy = "redirect-to-https"
-
-      allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
-      cached_methods  = ["GET", "HEAD"]
-
-      forwarded_values {
-        query_string = true
-        headers      = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"]
-      }
-
-      min_ttl     = 0
-      default_ttl = 3600
-      max_ttl     = 86400
-
-      lambda_function_association {
-        event_type = "origin-response"
-        lambda_arn = var.simple_cors_lambda_arn
-      }
-    }
-  }
-
-  default_cache_behavior {
+  default_cache_behavior = {
     target_origin_id       = var.api_gateway_origins[0].domain_name
     viewer_protocol_policy = "redirect-to-https"
+    allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods         = ["GET", "HEAD"]
+    compress               = true
+    query_string           = true
+    headers                = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"]
+  }
 
-    allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
-    cached_methods  = ["GET", "HEAD"]
-
-    forwarded_values {
-      cookies {
-        forward = "none"
-      }
-      query_string = true
-      headers      = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"]
+  ordered_cache_behavior = [
+    for o in var.api_gateway_origins :
+    {
+      path_pattern           = o.path_pattern
+      target_origin_id       = o.domain_name
+      viewer_protocol_policy = "redirect-to-https"
+      allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+      cached_methods         = ["GET", "HEAD"]
+      compress               = true
+      query_string           = true
+      headers                = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"]
     }
+  ]
 
-    min_ttl     = 0
-    default_ttl = 3600
-    max_ttl     = 86400
-
-  }
-
-  logging_config {
-    include_cookies = false
-    bucket          = "aws-eudcate-tpet-cloudfront-logging-bucket.s3.amazonaws.com"
-    prefix          = "cloudfront/"
+  viewer_certificate = {
+    acm_certificate_arn = var.acm_certificate_arn
+    ssl_support_method  = "sni-only"
   }
 }
diff --git a/terraform/dev/main.tf b/terraform/dev/main.tf
@@ -1,5 +1,5 @@
 module "list_files" {
-  source      = "./../src/file_service/terraform"
+  source      = "./../../src/file_service/terraform"
   aws_region  = var.aws_region
   environment = var.environment
 }

diff --git a/terraform/dev/output.tf b/terraform/dev/output.tf
@@ -1,7 +1 @@
-output "bucket_name" {
-  value = aws_s3_bucket.state.bucket
-}
 
-output "dynamodb_table_name" {
-  value = aws_dynamodb_table.state_locks.name
-}
diff --git a/terraform/dev/route53.tf b/terraform/dev/route53.tf
@@ -1,11 +1,17 @@
-resource "aws_route53_record" "api_alias" {
+module "records" {
+  source  = "terraform-aws-modules/route53/aws//modules/records"
+  version = "3.1.0"
+
   zone_id = var.zone_id
-  name    = var.domain_name
-  type    = "A"
 
-  alias {
-    name                   = aws_cloudfront_distribution.api_distribution.domain_name
-    zone_id                = aws_cloudfront_distribution.api_distribution.hosted_zone_id
-    evaluate_target_health = false
-  }
+  records = [
+    {
+      name = "api.tpet"
+      type = "A"
+      alias = {
+        name    = module.cloudfront.cloudfront_distribution_domain_name
+        zone_id = module.cloudfront.cloudfront_distribution_hosted_zone_id
+      }
+    }
+  ]
 }
diff --git a/terraform/dev/terraform.tf b/terraform/dev/terraform.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket         = "terraform-state-20240610095057872800000001"
+    bucket         = "terraform-state-20240610123048790400000001"
     key            = "dev/terraform.tfstate"
     region         = "ap-northeast-1"
     dynamodb_table = "terraform-locks"

diff --git a/terraform/dev/variables.tf b/terraform/dev/variables.tf
@@ -30,10 +30,27 @@ variable "api_gateway_origins" {
       path_pattern = "/dev/campaigns*"
     },
     {
-      # Files Service
+      # File Service - List files & Get file by ID
       domain_name  = "8um2zizr80.execute-api.ap-northeast-1.amazonaws.com"
       path_pattern = "/dev/files*"
+    },
+    {
+      # File Service - Upload file
+      domain_name  = "ssckvgoo10.execute-api.ap-northeast-1.amazonaws.com"
+      path_pattern = "/dev/upload-file*"
+    },
+    {
+      # File Service - Upload multiple files
+      domain_name  = "sojek1stci.execute-api.ap-northeast-1.amazonaws.com"
+      path_pattern = "/dev/upload-multiple-file*"
+    },
+
+    {
+      # Email Service - Send Email
+      domain_name  = "diyf4tafbl.execute-api.ap-northeast-1.amazonaws.com"
+      path_pattern = "/dev/send-email*"
     }
+
   ]
 }
 

diff --git a/terraform/poc/backend.tf b/terraform/poc/backend.tf
diff --git a/terraform/poc/backend_setting/s3.tf b/terraform/poc/backend_setting/s3.tf
@@ -1,5 +1,5 @@
 resource "aws_s3_bucket" "state" {
-  bucket_prefix = "poc-terraform-state-"
+  bucket_prefix = "terraform-state-"
 
   tags = {
     Terraform = "true"

diff --git a/terraform/poc/terraform.tf b/terraform/poc/terraform.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket         = "poc-terraform-state-20240610102132009600000001"
+    bucket         = "terraform-state-20240610123048790400000001"
     key            = "poc/terraform.tfstate"
     region         = "ap-northeast-1"
     dynamodb_table = "terraform-locks"

diff --git a/test.txt b/test.txt
@@ -1 +1,2 @@
 test
+test