Merge pull request 'Add Terraform Provisioning.' (#1) from feat/terraform into main

Reviewed-on: https://code.maximhutz.com/Web/Portfolio/pulls/1

.gitea/workflows/prepare.yml

@@ -1,39 +0,0 @@
-name: Prepare changes for deployment.
-
-on:
-  push:
-    branches:
-      - 'main'
-
-jobs:
-  prepare:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          token: ${{ secrets.SECRET }}
-  
-      - uses: actions/setup-node@v3
-        with:
-          node-version: '16'
-
-      - name: Install dependencies.
-        run: npm i -g terser csso-cli
-
-      - name: "Copying changes over to build."
-        run: git checkout -b build
-
-      - name: Minify files.
-        run: |
-          find . -name "*.js" -type f -exec terser {} -c -o {} \;
-          find . -name "*.css" -type f -exec csso {} -o {} \;
-      
-      - name: "Commiting changes."
-        run: |
-          git config user.name github-actions
-          git config user.email noreply@github.com
-          git commit -am "Preparing changes for deployment."
-  
-      - name: "Pushing changes."
-        run: git push -uf origin build

.gitignore

@@ -4,5 +4,48 @@ _site
 vendor
 .vscode
 .DS_Store
-Gemfile
+secrets
-Gemfile.lock
+secret.tfvars
+
+# ---> Terraform
+# Local .terraform directories
+.terraform
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+*.terraformrc
+terraform.rc
+
+# ---------------------------------------------------------------------------- #
+
+# Custom ignores.
+
+*.tfvars
+*.tfbackend

Gemfile

@@ -0,0 +1,33 @@
+source "https://rubygems.org"
+# Hello! This is where you manage which Jekyll version is used to run.
+# When you want to use a different version, change it below, save the
+# file and run `bundle install`. Run Jekyll with `bundle exec`, like so:
+#
+#     bundle exec jekyll serve
+#
+# This will help ensure the proper Jekyll version is running.
+# Happy Jekylling!
+gem "jekyll", "~> 4.3.4"
+# This is the default theme for new Jekyll sites. You may change this to anything you like.
+gem "minima", "~> 2.5"
+# If you want to use GitHub Pages, remove the "gem "jekyll"" above and
+# uncomment the line below. To upgrade, run `bundle update github-pages`.
+# gem "github-pages", group: :jekyll_plugins
+# If you have any plugins, put them here!
+group :jekyll_plugins do
+  gem "jekyll-feed", "~> 0.12"
+end
+
+# Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem
+# and associated library.
+platforms :mingw, :x64_mingw, :mswin, :jruby do
+  gem "tzinfo", ">= 1", "< 3"
+  gem "tzinfo-data"
+end
+
+# Performance-booster for watching directories on Windows
+gem "wdm", "~> 0.1", :platforms => [:mingw, :x64_mingw, :mswin]
+
+# Lock `http_parser.rb` gem to `v0.6.x` on JRuby builds since newer versions of the gem
+# do not have a Java counterpart.
+gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby]

Gemfile.lock

@@ -0,0 +1,169 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    bigdecimal (3.1.9)
+    colorator (1.1.0)
+    concurrent-ruby (1.3.4)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    eventmachine (1.2.7)
+    ffi (1.17.1)
+    ffi (1.17.1-aarch64-linux-gnu)
+    ffi (1.17.1-aarch64-linux-musl)
+    ffi (1.17.1-arm-linux-gnu)
+    ffi (1.17.1-arm-linux-musl)
+    ffi (1.17.1-arm64-darwin)
+    ffi (1.17.1-x86-linux-gnu)
+    ffi (1.17.1-x86-linux-musl)
+    ffi (1.17.1-x86_64-darwin)
+    ffi (1.17.1-x86_64-linux-gnu)
+    ffi (1.17.1-x86_64-linux-musl)
+    forwardable-extended (2.6.0)
+    google-protobuf (4.29.3)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.29.3-aarch64-linux)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.29.3-arm64-darwin)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.29.3-x86-linux)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.29.3-x86_64-darwin)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.29.3-x86_64-linux)
+      bigdecimal
+      rake (>= 13)
+    http_parser.rb (0.8.0)
+    i18n (1.14.6)
+      concurrent-ruby (~> 1.0)
+    jekyll (4.3.4)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 1.0)
+      jekyll-sass-converter (>= 2.0, < 4.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 2.3, >= 2.3.1)
+      kramdown-parser-gfm (~> 1.0)
+      liquid (~> 4.0)
+      mercenary (>= 0.3.6, < 0.5)
+      pathutil (~> 0.9)
+      rouge (>= 3.0, < 5.0)
+      safe_yaml (~> 1.0)
+      terminal-table (>= 1.8, < 4.0)
+      webrick (~> 1.7)
+    jekyll-feed (0.17.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-sass-converter (3.0.0)
+      sass-embedded (~> 1.54)
+    jekyll-seo-tag (2.8.0)
+      jekyll (>= 3.8, < 5.0)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    kramdown (2.5.1)
+      rexml (>= 3.3.9)
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    liquid (4.0.4)
+    listen (3.9.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    mercenary (0.4.0)
+    minima (2.5.2)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-feed (~> 0.9)
+      jekyll-seo-tag (~> 2.1)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (6.0.1)
+    rake (13.2.1)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.11.1)
+      ffi (~> 1.0)
+    rexml (3.4.0)
+    rouge (4.5.1)
+    safe_yaml (1.0.5)
+    sass-embedded (1.83.1)
+      google-protobuf (~> 4.29)
+      rake (>= 13)
+    sass-embedded (1.83.1-aarch64-linux-android)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-aarch64-linux-gnu)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-aarch64-linux-musl)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-aarch64-mingw-ucrt)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-arm-linux-androideabi)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-arm-linux-gnueabihf)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-arm-linux-musleabihf)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-arm64-darwin)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-riscv64-linux-android)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-riscv64-linux-gnu)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-riscv64-linux-musl)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-x86_64-cygwin)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-x86_64-darwin)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-x86_64-linux-android)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-x86_64-linux-gnu)
+      google-protobuf (~> 4.29)
+    sass-embedded (1.83.1-x86_64-linux-musl)
+      google-protobuf (~> 4.29)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.6.0)
+    webrick (1.9.1)
+
+PLATFORMS
+  aarch64-linux
+  aarch64-linux-android
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  aarch64-mingw-ucrt
+  arm-linux-androideabi
+  arm-linux-gnu
+  arm-linux-gnueabihf
+  arm-linux-musl
+  arm-linux-musleabihf
+  arm64-darwin
+  riscv64-linux-android
+  riscv64-linux-gnu
+  riscv64-linux-musl
+  ruby
+  x86-linux
+  x86-linux-gnu
+  x86-linux-musl
+  x86_64-cygwin
+  x86_64-darwin
+  x86_64-linux
+  x86_64-linux-android
+  x86_64-linux-gnu
+  x86_64-linux-musl
+
+DEPENDENCIES
+  http_parser.rb (~> 0.6.0)
+  jekyll (~> 4.3.4)
+  jekyll-feed (~> 0.12)
+  minima (~> 2.5)
+  tzinfo (>= 1, < 3)
+  tzinfo-data
+  wdm (~> 0.1)
+
+BUNDLED WITH
+   2.6.2

README.md

@@ -1,5 +1,7 @@
 # 🖼️ Max Hutz's Digital Portfolio
-### Hey!
+
+Hey!
+
 I'm Max Hutz, and this is my personal website.
 
 It details who I am, what I've done, and were I'm headed in the field of software engineering. (And it looks cool too!)

Taskfile.yml

@@ -0,0 +1,16 @@
+version: 3
+
+env: { TF: terraform -chdir=terraform }
+silent: true
+
+tasks:
+  tf/init: $TF init -backend-config=s3.tfbackend
+  tf/plan: $TF plan
+  tf/destroy: $TF destroy
+  tf/format: $TF fmt -recursive
+  tf/apply: 
+    - $TF apply
+    - $TF output -json > terraform.secrets
+
+  action: act -W .gitea/workflows --container-architecture linux/amd64
+  dev: bundle exec jekyll serve

_config.yml

@@ -0,0 +1,5 @@
+exclude:
+  - "*.yml"
+  - "*.md"
+  - "LICENSE"
+  - "terraform/*"

terraform/main.tf

@@ -0,0 +1,59 @@
+# Create the S3 bucket.
+
+resource "aws_s3_bucket" "portfolio_bucket" {
+  bucket = var.bucket_name
+
+  tags = {
+    Name        = "Portfolio Bucket"
+    Environment = "Production"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "portfolio_bucket_access" {
+  bucket = aws_s3_bucket.portfolio_bucket.id
+
+  block_public_acls   = false
+  block_public_policy = false
+}
+
+resource "aws_s3_bucket_versioning" "portfolio_bucket_access_versioning" {
+  bucket = aws_s3_bucket.portfolio_bucket.id
+
+  versioning_configuration {
+    status = "Disabled"
+  }
+}
+
+#------------------------------------------------------------------------------#
+
+# Give a user access.
+
+data "aws_iam_policy_document" "portfolio_bucket_policy_doc" {
+  statement {
+    effect  = "Allow"
+    actions = ["s3:*", "s3-object-lambda:*"]
+    resources = [
+      "${aws_s3_bucket.portfolio_bucket.arn}/*",
+      "${aws_s3_bucket.portfolio_bucket.arn}"
+    ]
+  }
+}
+
+resource "aws_iam_policy" "portfolio_bucket_policy" {
+  name        = "${var.role_name}Policy"
+  description = "The policy that manages the Portfolio Bucket."
+  policy      = data.aws_iam_policy_document.portfolio_bucket_policy_doc.json
+}
+
+resource "aws_iam_user" "portfolio_bucket_user" {
+  name = "${var.role_name}User"
+}
+
+resource "aws_iam_user_policy_attachment" "portfolio_bucket_attachment" {
+  user       = aws_iam_user.portfolio_bucket_user.name
+  policy_arn = aws_iam_policy.portfolio_bucket_policy.arn
+}
+
+resource "aws_iam_access_key" "portfolio_bucket_key" {
+  user = aws_iam_user.portfolio_bucket_user.name
+}

terraform/outputs.tf

@@ -0,0 +1,16 @@
+output "access_region" {
+  value = aws_s3_bucket.portfolio_bucket.region
+  description = "This is the region of the bucket."
+}
+
+output "access_id" {
+  value = aws_iam_access_key.portfolio_bucket_key.id
+  description = "This is the access ID to modify the bucket."
+  sensitive = true
+}
+
+output "access_secret" {
+  value = aws_iam_access_key.portfolio_bucket_key.secret
+  description = "This is the access secret to modify the bucket."
+  sensitive = true
+}

terraform/variables.tf

@@ -0,0 +1,9 @@
+variable "bucket_name" {
+  type = string
+  description = "The name of the bucket to create."
+}
+
+variable "role_name" {
+  type = string
+  description = "The base name for the role to modify the bucket."
+}