Add github actions

maybe
2025-01-29 15:13:53 +00:00 · 2021-11-12 22:47:43 +11:00 · 2021-11-12 22:47:43 +11:00 · 8196780847
commit 8196780847
parent 831da1cfc3
8 changed files with 676 additions and 566 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,41 @@
+name: 'Terraform GitHub Actions'
+on:
+  push:
+    branches:
+      - main
+env:
+  tf_version: 'latest'
+  tf_working_dir: '.'
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+jobs:
+  terraform:
+    environment: main
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: hashicorp/setup-terraform@v1
+      - name: 'Checkout'
+        uses: actions/checkout@master
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        continue-on-error: true
+      - uses: EndBug/add-and-commit@v7
+        with:
+          message: Terraform fmt [skip ci]
+          committer_name: GitHub Actions
+          committer_email: actions@github.com
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Apply
+        id: apply
+        run: terraform apply
+        continue-on-error: true
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@ -0,0 +1,68 @@
+name: 'Terraform GitHub Actions'
+on:
+  - pull_request
+env:
+  tf_version: 'latest'
+  tf_working_dir: '.'
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+jobs:
+  terraform:
+    environment: main
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: hashicorp/setup-terraform@v1
+      - name: 'Checkout'
+        uses: actions/checkout@master
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        continue-on-error: true
+      - uses: EndBug/add-and-commit@v7
+        with:
+          message: Terraform fmt [skip ci]
+          committer_name: GitHub Actions
+          committer_email: actions@github.com
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan -no-color -out prod.plan
+        continue-on-error: true
+
+      - uses: actions/github-script@0.9.0
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outputs.stdout }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            
+            <details><summary>Show Plan</summary>
+            
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            
+            </details>
+            
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+              
+            github.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
--- a/cdn.tf
+++ b/cdn.tf
--- a/historic.tf
+++ b/historic.tf
@ -108,9 +108,9 @@ resource "aws_lambda_function" "queue_data_update" {
 }

 resource "aws_sqs_queue" "historic_to_s3" {
-  name                      = "update-history"
-  receive_wait_time_seconds = 0
-  message_retention_seconds = 1209600 # 14 days
+  name                       = "update-history"
+  receive_wait_time_seconds  = 0
+  message_retention_seconds  = 1209600 # 14 days
  visibility_timeout_seconds = 300
 }

--- a/ingestion.tf
+++ b/ingestion.tf
@ -121,15 +121,15 @@ EOF
 // SNS to MQTT

 resource "aws_lambda_function" "sns_to_mqtt" {
-  function_name    = "sns-to-mqtt"
-  handler          = "lambda_function.lambda_handler"
-  filename         = "${path.module}/sns-to-mqtt/Archive.zip" # this should get replaced out when we make a proper build chain
-  publish          = true
-  memory_size      = 128
-  role             = aws_iam_role.basic_lambda_role.arn
-  runtime          = "python3.9"
-  timeout          = 3
-  architectures    = ["arm64"]
+  function_name = "sns-to-mqtt"
+  handler       = "lambda_function.lambda_handler"
+  filename      = "${path.module}/sns-to-mqtt/Archive.zip" # this should get replaced out when we make a proper build chain
+  publish       = true
+  memory_size   = 128
+  role          = aws_iam_role.basic_lambda_role.arn
+  runtime       = "python3.9"
+  timeout       = 3
+  architectures = ["arm64"]
  lifecycle {
    ignore_changes = [environment]
  }
--- a/main.tf
+++ b/main.tf
@ -1,14 +1,12 @@
 terraform {
  backend "s3" {
-    bucket  = "sondehub-terraform"
-    key     = "sondehub-main"
-    region  = "us-east-1"
-    profile = "sondes"
+    bucket = "sondehub-terraform"
+    key    = "sondehub-main"
+    region = "us-east-1"
  }
 }
 provider "aws" {
-  region  = "us-east-1"
-  profile = "sondes"
+  region = "us-east-1"
 }

 locals {
@ -126,3 +124,6 @@ resource "aws_acm_certificate" "CertificateManagerCertificate_root" {
  ]
  validation_method = "DNS"
 }
+
+resource "aws_s3_bucket" "test123" {
+}
--- a/predictor.tf
+++ b/predictor.tf
@ -211,7 +211,7 @@ resource "aws_ecs_task_definition" "tawhiri" {
  container_definitions = jsonencode(
    [
      {
-        command     = [
+        command = [
          "/root/.local/bin/gunicorn",
          "-b",
          "0.0.0.0:8000",
@ -254,16 +254,16 @@ resource "aws_ecs_task_definition" "tawhiri" {
        volumesFrom = []
      },
      {
-        command     = ["daemon"]
-        cpu         = 0
+        command = ["daemon"]
+        cpu     = 0
        environment = [
          {
            name  = "TZ"
            value = "UTC"
          }
        ]
-        essential   = true
-        image       = "${data.aws_caller_identity.current.account_id}.dkr.ecr.us-east-1.amazonaws.com/tawhiri-downloader:latest"
+        essential = true
+        image     = "${data.aws_caller_identity.current.account_id}.dkr.ecr.us-east-1.amazonaws.com/tawhiri-downloader:latest"
        logConfiguration = {
          logDriver = "awslogs"
          options = {
@ -278,7 +278,7 @@ resource "aws_ecs_task_definition" "tawhiri" {
            sourceVolume  = "downloader"
          },
        ]
-        name = "downloader"
+        name        = "downloader"
        volumesFrom = []
      },
    ]
@ -292,7 +292,7 @@ resource "aws_ecs_task_definition" "tawhiri" {
  ]
  tags          = {}
  task_role_arn = aws_iam_role.ecs_execution.arn
- 
+


  volume {
@ -309,7 +309,7 @@ resource "aws_ecs_task_definition" "tawhiri" {
    }
  }

-    volume {
+  volume {
    name = "downloader"
  }

@ -499,7 +499,7 @@ resource "aws_security_group" "tawhiri_efs" {
      security_groups  = [aws_vpc.main.default_security_group_id]
    }
  ]
-    egress = [
+  egress = [
    {
      from_port        = 0
      to_port          = 0
@ -535,7 +535,7 @@ resource "aws_security_group" "tawhiri" {
      security_groups  = [aws_security_group.tawhiri_alb.id, aws_security_group.lb.id]
    }
  ]
-    egress = [
+  egress = [
    {
      from_port        = 0
      to_port          = 0
@ -596,23 +596,23 @@ resource "aws_security_group" "tawhiri_alb" {


 resource "aws_route53_record" "tawhiri_A" {
-    name = "tawhiri"
-    type = "A"
-    alias {
-        name = "dualstack.${aws_lb.ws.dns_name}."
-        zone_id = aws_lb.ws.zone_id
-        evaluate_target_health = true
-    }
-    zone_id = aws_route53_zone.Route53HostedZone.zone_id
+  name = "tawhiri"
+  type = "A"
+  alias {
+    name                   = "dualstack.${aws_lb.ws.dns_name}."
+    zone_id                = aws_lb.ws.zone_id
+    evaluate_target_health = true
+  }
+  zone_id = aws_route53_zone.Route53HostedZone.zone_id
 }

 resource "aws_route53_record" "tawhiri_AAAA" {
-    name = "tawhiri"
-    type = "AAAA"
-    alias {
-        name = "dualstack.${aws_lb.ws.dns_name}."
-        zone_id = aws_lb.ws.zone_id
-        evaluate_target_health = true
-    }
-    zone_id = aws_route53_zone.Route53HostedZone.zone_id
+  name = "tawhiri"
+  type = "AAAA"
+  alias {
+    name                   = "dualstack.${aws_lb.ws.dns_name}."
+    zone_id                = aws_lb.ws.zone_id
+    evaluate_target_health = true
+  }
+  zone_id = aws_route53_zone.Route53HostedZone.zone_id
 }
--- a/websockets.tf
+++ b/websockets.tf
@ -591,7 +591,7 @@ EOF

 resource "aws_iam_role" "ws" {
  name                 = "ws"
-  description = "Allows EC2 instances to call AWS services on your behalf."
+  description          = "Allows EC2 instances to call AWS services on your behalf."
  assume_role_policy   = <<EOF
 {
  "Version": "2012-10-17",
@ -673,45 +673,45 @@ resource "aws_appautoscaling_policy" "ws_reader" {


 resource "aws_route53_record" "ws_reader_A" {
-    name = "ws-reader"
-    type = "A"
-    alias {
-        name = "dualstack.${aws_lb.ws.dns_name}."
-        zone_id = aws_lb.ws.zone_id
-        evaluate_target_health = true
-    }
-    zone_id = aws_route53_zone.Route53HostedZone.zone_id
+  name = "ws-reader"
+  type = "A"
+  alias {
+    name                   = "dualstack.${aws_lb.ws.dns_name}."
+    zone_id                = aws_lb.ws.zone_id
+    evaluate_target_health = true
+  }
+  zone_id = aws_route53_zone.Route53HostedZone.zone_id
 }

 resource "aws_route53_record" "ws_reader_AAAA" {
-    name = "ws-reader"
-    type = "AAAA"
-    alias {
-        name = "dualstack.${aws_lb.ws.dns_name}."
-        zone_id = aws_lb.ws.zone_id
-        evaluate_target_health = true
-    }
-    zone_id = aws_route53_zone.Route53HostedZone.zone_id
+  name = "ws-reader"
+  type = "AAAA"
+  alias {
+    name                   = "dualstack.${aws_lb.ws.dns_name}."
+    zone_id                = aws_lb.ws.zone_id
+    evaluate_target_health = true
+  }
+  zone_id = aws_route53_zone.Route53HostedZone.zone_id
 }

 resource "aws_route53_record" "ws_A" {
-    name = "ws"
-    type = "A"
-    alias {
-        name = "dualstack.${aws_lb.ws.dns_name}."
-        zone_id = aws_lb.ws.zone_id
-        evaluate_target_health = true
-    }
-    zone_id = aws_route53_zone.Route53HostedZone.zone_id
+  name = "ws"
+  type = "A"
+  alias {
+    name                   = "dualstack.${aws_lb.ws.dns_name}."
+    zone_id                = aws_lb.ws.zone_id
+    evaluate_target_health = true
+  }
+  zone_id = aws_route53_zone.Route53HostedZone.zone_id
 }

 resource "aws_route53_record" "ws_AAAA" {
-    name = "ws"
-    type = "AAAA"
-    alias {
-        name = "dualstack.${aws_lb.ws.dns_name}."
-        zone_id = aws_lb.ws.zone_id
-        evaluate_target_health = true
-    }
-    zone_id = aws_route53_zone.Route53HostedZone.zone_id
+  name = "ws"
+  type = "AAAA"
+  alias {
+    name                   = "dualstack.${aws_lb.ws.dns_name}."
+    zone_id                = aws_lb.ws.zone_id
+    evaluate_target_health = true
+  }
+  zone_id = aws_route53_zone.Route53HostedZone.zone_id
 }