Merge pull request #14 from aws-educate-tw/SCRUM-22-Build-a-CI-CD-pip…

…eline-to-ensure-continuous-delivery

Scrum 22 build a ci cd pipeline to ensure continuous delivery

.github/workflows/terraform.yaml

@@ -0,0 +1,117 @@
+name: "Terraform Infrastructure Change Management Pipeline with GitHub Actions"
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - poc
+    paths:
+      - terraform/**
+  pull_request:
+    branches:
+      - main
+      - dev
+      - poc
+    paths:
+      - terraform/**
+
+env:
+  # verbosity setting for Terraform logs
+  TF_LOG: INFO
+  # Credentials for deployment to AWS
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  # S3 bucket for the Terraform state
+
+jobs:
+  terraform:
+    name: "Terraform Infrastructure Change Management"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout the repository to the runner
+        uses: actions/checkout@v2
+
+      - name: Setup Terraform with specified version on the runner
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.8.3
+
+      - name: Set environment variables
+        id: set-env
+        run: |
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            echo "::set-output name=env::prod"
+            echo "::set-output name=dir::./terraform/prod"
+            echo "::set-output name=tfvars::variables_prod.tfvars"
+          elif [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+            echo "::set-output name=env::dev"
+            echo "::set-output name=dir::./terraform/dev"
+            echo "::set-output name=tfvars::variables_dev.tfvars"
+          elif [[ "${{ github.ref }}" == "refs/heads/poc" ]]; then
+            echo "::set-output name=env::poc"
+            echo "::set-output name=dir::./terraform/poc"
+            echo "::set-output name=tfvars::variables_poc.tfvars"
+          fi
+
+      - name: Terraform init
+        id: init
+        working-directory: ${{ steps.set-env.outputs.dir }}
+        run: terraform init"
+
+      - name: Terraform format
+        id: fmt
+        working-directory: ${{ steps.set-env.outputs.dir }}
+        run: terraform fmt -check
+
+      - name: Terraform validate
+        id: validate
+        working-directory: ${{ steps.set-env.outputs.dir }}
+        run: terraform validate
+
+      - name: Terraform plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        working-directory: ${{ steps.set-env.outputs.dir }}
+        run: terraform plan -no-color -input=false -var-file="${{ steps.set-env.outputs.tfvars }}"
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+            <details><summary>Show Plan</summary>
+
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        working-directory: ${{ steps.set-env.outputs.dir }}
+        run: terraform apply -auto-approve -input=false -var-file="${{ steps.set-env.outputs.tfvars }}"

src/file_service/terraform/iam.tf

@@ -1,5 +1,5 @@
-resource "aws_iam_role" "lambda_exec_role" {
-  name = "lambda_exec_role"
+resource "aws_iam_role" "list_files_lambda_exec_role" {
+  name = "list_files_lambda_exec_role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [{
@@ -16,7 +16,4 @@ resource "aws_iam_role" "lambda_exec_role" {
     "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess"
   ]
 
-  lifecycle {
-    prevent_destroy = true
-  }
 }

src/file_service/terraform/lambda.tf

@@ -7,7 +7,7 @@ data "archive_file" "lambda_zip" {
 resource "aws_lambda_function" "list_files" {
   filename         = data.archive_file.lambda_zip.output_path
   function_name    = "list_files"
-  role             = aws_iam_role.lambda_exec_role.arn
+  role             = aws_iam_role.list_files_lambda_exec_role.arn
   handler          = "list_files_function.lambda_handler"
   source_code_hash = filebase64sha256(data.archive_file.lambda_zip.output_path)
   runtime          = "python3.11"