Initial commit

.github/dependabot.yml

@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    reviewers:
+      - "fabasoad"
+    labels:
+      - "dependencies"

.github/workflows/analysis.yml

@@ -0,0 +1,24 @@
+---
+name: Analysis
+
+on:
+  push:
+    branches:
+      - 'main'
+      - 'bugfix/**'
+      - 'dependabot/*'
+      - 'feature/**'
+    paths:
+      - '**.tf'
+jobs:
+  checkov:
+    runs-on: ubuntu-latest
+    name: checkov-action
+    steps:
+      - uses: actions/checkout@v2
+      - uses: bridgecrewio/checkov-action@master
+        with:
+          directory: /
+          framework: terraform
+          output_format: cli
+          download_external_modules: true

.github/workflows/create-release.yml

@@ -0,0 +1,46 @@
+---
+name: Create release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  create_release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Get latest release tag
+        id: latest_release
+        run: |
+          latest_tag=$(curl --silent "https://api.github.com/repos/${{ github.repository }}/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+          echo "::set-output name=tag::${latest_tag}"
+      - name: Get current release tag
+        id: current_release
+        run: echo "::set-output name=tag::${GITHUB_REF/refs\/tags\//}"
+      - name: Build changelog
+        id: changelog
+        run: |
+          body=$(git log --pretty=oneline ${{ steps.latest_release.outputs.tag }}..${{ steps.current_release.outputs.tag }})
+          body="${body//'%'/'%25'}"
+          body="${body//$'\n'/'%0A'}"
+          body="${body//$'\r'/'%0D'}"
+          echo "::set-output name=body::${body}"
+      - name: Create release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: ${{ steps.current_release.outputs.tag }}
+          body: |
+            # Changelog
+
+            ${{ steps.changelog.outputs.body }}
+          draft: false
+          prerelease: false

.github/workflows/terraform.yml

@@ -0,0 +1,43 @@
+---
+name: Terraform
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v*'
+    branches:
+      - 'main'
+      - 'bugfix/**'
+      - 'dependabot/*'
+      - 'feature/**'
+      - 'test-*'
+
+jobs:
+  terraform:
+    name: Terraform
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Prepare bundle
+        run: ./build_bundle.sh
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+      - name: Terraform Init
+        id: init
+        run: cd terraform && terraform init
+      - name: Terraform Validate
+        run: cd terraform && terraform validate -no-color
+      - name: Terraform Plan
+        id: plan
+        run: cd terraform && terraform plan -no-color
+        continue-on-error: true
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+      - name: Terraform Apply
+        if: github.event_name == 'workflow_dispatch'
+        run: cd terraform && terraform apply -auto-approve

.github/workflows/tf-lint.yml

@@ -0,0 +1,21 @@
+---
+name: Terraform Lint
+
+on:
+  push:
+    paths:
+      - '**.tf'
+
+jobs:
+  lint:
+    name: Lint
+    timeout-minutes: 3
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+      - name: Terraform Lint
+        run: cd terraform && terraform fmt -check

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -1,2 +1,3 @@
-# business-card-deployment
+# Deployment for personal website
+
 Deployment repo for https://github.com/fabasoad/business-card project

backend.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+  }
+  backend "remote" {
+    organization = "fabasoad"
+
+    workspaces {
+      name = "business-card"
+    }
+  }
+}

iam.tf

@@ -0,0 +1,24 @@
+resource "aws_iam_role" "eb_business_card_role" {
+  name = "${var.app}_iam"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "elasticbeanstalk.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole",
+      "Condition": {
+        "StringEquals": {
+          "sts:ExternalId": "elasticbeanstalk"
+        }
+      }
+    }
+  ]
+}
+EOF
+}

main.tf

@@ -0,0 +1,33 @@
+resource "aws_elastic_beanstalk_application" "business_card_app" {
+  name        = "business-card-app"
+  description = "Personal website"
+  appversion_lifecycle {
+    service_role          = aws_iam_role.eb_business_card_role.arn
+    max_count             = 128
+    delete_source_from_s3 = true
+  }
+}
+
+resource "aws_elastic_beanstalk_application_version" "business_card_app_version" {
+  name        = "business-card-${var.app_version}"
+  application = aws_elastic_beanstalk_application.business_card_app.name
+  description = "application version created by terraform"
+  bucket      = aws_s3_bucket.business_card_bucket.id
+  key         = aws_s3_bucket_object.business_card_payload.id
+}
+
+resource "aws_elastic_beanstalk_environment" "business_card_prod" {
+  name                = "business-card-env"
+  application         = aws_elastic_beanstalk_application.business_card_app.name
+  solution_stack_name = "64bit Amazon Linux 2 v5.4.4 running Node.js 14"
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name      = "IamInstanceProfile"
+    value     = "aws-elasticbeanstalk-ec2-role"
+  }
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name      = "InstanceType"
+    value     = "t2.micro"
+  }
+}

provider.tf

@@ -0,0 +1,10 @@
+provider "aws" {
+  region = var.aws_region
+  default_tags {
+    tags = {
+      "personal:app"        = var.app
+      "personal:deployment" = "tf"
+      "personal:env"        = var.environment
+    }
+  }
+}

r53.tf

@@ -0,0 +1,18 @@
+data "aws_elastic_beanstalk_hosted_zone" "business_card_zone" {
+  region = var.aws_region
+}
+
+data "aws_route53_zone" "business_card_zone" {
+  name = "fabasoad.com"
+}
+
+resource "aws_route53_record" "business_card_record" {
+  zone_id = data.aws_route53_zone.business_card_zone.zone_id
+  name    = data.aws_route53_zone.business_card_zone.name
+  type    = "A"
+  alias {
+    name                   = aws_elastic_beanstalk_environment.business_card_prod.cname
+    zone_id                = data.aws_elastic_beanstalk_hosted_zone.business_card_zone.id
+    evaluate_target_health = false
+  }
+}

s3.tf

@@ -0,0 +1,16 @@
+locals {
+  payload_path = "${path.module}/${var.app}-payload.zip"
+}
+
+resource "aws_s3_bucket" "business_card_bucket" {
+  bucket = "business-card-bucket"
+  versioning {
+    enabled = true
+  }
+}
+
+resource "aws_s3_bucket_object" "business_card_payload" {
+  bucket = aws_s3_bucket.business_card_bucket.id
+  key    = "beanstalk/${var.app}-payload.zip"
+  source = local.payload_path
+}

variables.tf

@@ -0,0 +1,16 @@
+variable "app" {
+  default     = "business-card"
+  description = "Application name"
+}
+variable "aws_region" {
+  default     = "ap-northeast-1"
+  description = "AWS region"
+}
+variable "environment" {
+  default     = "prod"
+  description = "Environment (prod/stg/dev)"
+}
+variable "app_version" {
+  default     = "2.6.1"
+  description = "Application version"
+}