-
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
14 changed files
with
279 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
version: 2 | ||
updates: | ||
- package-ecosystem: "github-actions" | ||
directory: "/" | ||
schedule: | ||
interval: "monthly" | ||
reviewers: | ||
- "fabasoad" | ||
labels: | ||
- "dependencies" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
name: Analysis | ||
|
||
on: | ||
push: | ||
branches: | ||
- 'main' | ||
- 'bugfix/**' | ||
- 'dependabot/*' | ||
- 'feature/**' | ||
paths: | ||
- '**.tf' | ||
jobs: | ||
checkov: | ||
runs-on: ubuntu-latest | ||
name: checkov-action | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: bridgecrewio/checkov-action@master | ||
with: | ||
directory: / | ||
framework: terraform | ||
output_format: cli | ||
download_external_modules: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
--- | ||
name: Create release | ||
|
||
on: | ||
push: | ||
tags: | ||
- 'v*' | ||
|
||
jobs: | ||
create_release: | ||
name: Release | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
- name: Get latest release tag | ||
id: latest_release | ||
run: | | ||
latest_tag=$(curl --silent "https://api.github.com/repos/${{ github.repository }}/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') | ||
echo "::set-output name=tag::${latest_tag}" | ||
- name: Get current release tag | ||
id: current_release | ||
run: echo "::set-output name=tag::${GITHUB_REF/refs\/tags\//}" | ||
- name: Build changelog | ||
id: changelog | ||
run: | | ||
body=$(git log --pretty=oneline ${{ steps.latest_release.outputs.tag }}..${{ steps.current_release.outputs.tag }}) | ||
body="${body//'%'/'%25'}" | ||
body="${body//$'\n'/'%0A'}" | ||
body="${body//$'\r'/'%0D'}" | ||
echo "::set-output name=body::${body}" | ||
- name: Create release | ||
id: create_release | ||
uses: actions/create-release@v1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
tag_name: ${{ github.ref }} | ||
release_name: ${{ steps.current_release.outputs.tag }} | ||
body: | | ||
# Changelog | ||
${{ steps.changelog.outputs.body }} | ||
draft: false | ||
prerelease: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
name: Terraform | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
tags: | ||
- 'v*' | ||
branches: | ||
- 'main' | ||
- 'bugfix/**' | ||
- 'dependabot/*' | ||
- 'feature/**' | ||
- 'test-*' | ||
|
||
jobs: | ||
terraform: | ||
name: Terraform | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v2 | ||
- name: Prepare bundle | ||
run: ./build_bundle.sh | ||
- name: Setup Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | ||
- name: Terraform Init | ||
id: init | ||
run: cd terraform && terraform init | ||
- name: Terraform Validate | ||
run: cd terraform && terraform validate -no-color | ||
- name: Terraform Plan | ||
id: plan | ||
run: cd terraform && terraform plan -no-color | ||
continue-on-error: true | ||
- name: Terraform Plan Status | ||
if: steps.plan.outcome == 'failure' | ||
run: exit 1 | ||
- name: Terraform Apply | ||
if: github.event_name == 'workflow_dispatch' | ||
run: cd terraform && terraform apply -auto-approve |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
name: Terraform Lint | ||
|
||
on: | ||
push: | ||
paths: | ||
- '**.tf' | ||
|
||
jobs: | ||
lint: | ||
name: Lint | ||
timeout-minutes: 3 | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Setup Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | ||
- name: Terraform Lint | ||
run: cd terraform && terraform fmt -check |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.idea |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
# business-card-deployment | ||
# Deployment for personal website | ||
|
||
Deployment repo for https://github.com/fabasoad/business-card project |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
} | ||
} | ||
backend "remote" { | ||
organization = "fabasoad" | ||
|
||
workspaces { | ||
name = "business-card" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
resource "aws_iam_role" "eb_business_card_role" { | ||
name = "${var.app}_iam" | ||
|
||
assume_role_policy = <<EOF | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Sid": "", | ||
"Effect": "Allow", | ||
"Principal": { | ||
"Service": "elasticbeanstalk.amazonaws.com" | ||
}, | ||
"Action": "sts:AssumeRole", | ||
"Condition": { | ||
"StringEquals": { | ||
"sts:ExternalId": "elasticbeanstalk" | ||
} | ||
} | ||
} | ||
] | ||
} | ||
EOF | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
resource "aws_elastic_beanstalk_application" "business_card_app" { | ||
name = "business-card-app" | ||
description = "Personal website" | ||
appversion_lifecycle { | ||
service_role = aws_iam_role.eb_business_card_role.arn | ||
max_count = 128 | ||
delete_source_from_s3 = true | ||
} | ||
} | ||
|
||
resource "aws_elastic_beanstalk_application_version" "business_card_app_version" { | ||
name = "business-card-${var.app_version}" | ||
application = aws_elastic_beanstalk_application.business_card_app.name | ||
description = "application version created by terraform" | ||
bucket = aws_s3_bucket.business_card_bucket.id | ||
key = aws_s3_bucket_object.business_card_payload.id | ||
} | ||
|
||
resource "aws_elastic_beanstalk_environment" "business_card_prod" { | ||
name = "business-card-env" | ||
application = aws_elastic_beanstalk_application.business_card_app.name | ||
solution_stack_name = "64bit Amazon Linux 2 v5.4.4 running Node.js 14" | ||
setting { | ||
namespace = "aws:autoscaling:launchconfiguration" | ||
name = "IamInstanceProfile" | ||
value = "aws-elasticbeanstalk-ec2-role" | ||
} | ||
setting { | ||
namespace = "aws:autoscaling:launchconfiguration" | ||
name = "InstanceType" | ||
value = "t2.micro" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
provider "aws" { | ||
region = var.aws_region | ||
default_tags { | ||
tags = { | ||
"personal:app" = var.app | ||
"personal:deployment" = "tf" | ||
"personal:env" = var.environment | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
data "aws_elastic_beanstalk_hosted_zone" "business_card_zone" { | ||
region = var.aws_region | ||
} | ||
|
||
data "aws_route53_zone" "business_card_zone" { | ||
name = "fabasoad.com" | ||
} | ||
|
||
resource "aws_route53_record" "business_card_record" { | ||
zone_id = data.aws_route53_zone.business_card_zone.zone_id | ||
name = data.aws_route53_zone.business_card_zone.name | ||
type = "A" | ||
alias { | ||
name = aws_elastic_beanstalk_environment.business_card_prod.cname | ||
zone_id = data.aws_elastic_beanstalk_hosted_zone.business_card_zone.id | ||
evaluate_target_health = false | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
locals { | ||
payload_path = "${path.module}/${var.app}-payload.zip" | ||
} | ||
|
||
resource "aws_s3_bucket" "business_card_bucket" { | ||
bucket = "business-card-bucket" | ||
versioning { | ||
enabled = true | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_object" "business_card_payload" { | ||
bucket = aws_s3_bucket.business_card_bucket.id | ||
key = "beanstalk/${var.app}-payload.zip" | ||
source = local.payload_path | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
variable "app" { | ||
default = "business-card" | ||
description = "Application name" | ||
} | ||
variable "aws_region" { | ||
default = "ap-northeast-1" | ||
description = "AWS region" | ||
} | ||
variable "environment" { | ||
default = "prod" | ||
description = "Environment (prod/stg/dev)" | ||
} | ||
variable "app_version" { | ||
default = "2.6.1" | ||
description = "Application version" | ||
} |