diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
new file mode 100644
index 0000000..f3f48cf
--- /dev/null
+++ b/.github/workflows/deployment.yml
@@ -0,0 +1,84 @@
+name: Build & Deploy
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ infrastructure:
+ name: Build Infrastructure
+ runs-on: ubuntu-latest
+ env:
+ RUNNER_TOOL_CACHE: /toolcache
+
+ steps:
+ - name: Checkout to Repository
+ uses: actions/checkout@v2
+
+ - name: Set-up Terraform
+ uses: hashicorp/setup-terraform@v2
+
+ - name: Format Terraform
+ run: terraform fmt -check
+ working-directory: ./terraform
+
+ - name: Initialize Terraform Back-end
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ run: terraform init
+ working-directory: ./terraform
+
+ - name: Terraform Plan
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ run: terraform plan -out=tfplan -no-color
+ working-directory: ./terraform
+
+ - name: Check if there are changes
+ id: check_changes
+ run: |
+ if [ -n "$(terraform show -no-color tfplan | grep -E 'No changes.')" ]; then
+ echo "No changes detected."
+ echo "::set-output name=changes::false"
+ else
+ echo "Changes detected."
+ echo "::set-output name=changes::true"
+ fi
+ working-directory: ./terraform
+
+ - name: Terraform Apply
+ if: ${{ (steps.check_changes.outputs.changes == 'true') && (github.ref == 'refs/heads/main') }}
+ run: terraform apply -auto-approve tfplan
+ working-directory: ./terraform
+
+ build:
+ name: Deploy Application
+ runs-on: ubuntu-latest
+ env:
+ RUNNER_TOOL_CACHE: /toolcache
+
+ steps:
+ - name: Checkout to Repository
+ uses: actions/checkout@v4
+
+ - name: Use Python 3.13
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.13'
+ cache: pip
+
+ - name: Install Dependencies
+ run: pip install -r requirements.txt
+
+ - name: Lint Playbooks
+ run: ansible-lint
+ working-directory: ./playbooks
+
+ - name: Run Playbook
+ if: ${{ github.ref == 'refs/heads/main' }}
+ run: ansible-playbook deployment.yml
+ working-directory: ./playbooks
diff --git a/README.md b/README.md
index 75f4bf0..e39aec0 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
# proxy
-How all other applications interact with the web.
\ No newline at end of file
+How all other applications interact with the web.
diff --git a/playbooks/deployment.yml b/playbooks/deployment.yml
index f0e0c1b..bc0381d 100644
--- a/playbooks/deployment.yml
+++ b/playbooks/deployment.yml
@@ -1,7 +1,7 @@
- name: Deploy artifact to instance.
hosts: localhost
vars_files:
- - ../config/proxy.json
+ - ../config/ansible.secret.json
- ../secrets/infrastructure.secret.json
vars:
ansible_connection: aws_ssm
diff --git a/terraform/provider.tf b/terraform/provider.tf
index d97d5b4..0562314 100644
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@@ -1,11 +1,13 @@
terraform {
# The backend is stored in an S3 bucket.
- backend "s3" {}
+ backend "s3" {
+ bucket = "tsuga-sieboldii"
+ key = "proxy"
+ region = "us-east-1"
+ }
}
# Access AWS through the IaC roles.
provider "aws" {
- region = var.aws_region
- access_key = var.aws_access
- secret_key = var.aws_secret
+ region = "us-east-1"
}
\ No newline at end of file
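Review bot: The `build` job (`Deploy Application`) declares no `needs: infrastructure`, so on a push to main its `Run Playbook` step can start before — or regardless of the outcome of — `Terraform Apply` in the `infrastructure` job, deploying onto infrastructure that may not exist yet; add `needs: infrastructure` under `build:`. The `Check if there are changes` step publishes its result with `::set-output`, which GitHub has deprecated in favour of the `$GITHUB_OUTPUT` file, e.g. `echo "changes=false" >> "$GITHUB_OUTPUT"`, and `terraform plan -detailed-exitcode` would replace the `grep -E 'No changes.'` text match, which silently reports "changes" on any future wording change of that message. The workflow has no `permissions:` block, so both jobs receive the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` covers everything the two jobs do here. The jobs also pin `actions/checkout` to different majors (`@v2` in `infrastructure`, `@v4` in `build`); v2 runs on a runtime GitHub has since deprecated, and pinning every action to a full commit SHA rather than a mutable tag would harden the supply chain.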
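Review bot: The play's `vars_files` now loads `../config/ansible.secret.json` in place of `../config/proxy.json`, i.e. a file with a `.secret` suffix kept under `config/` rather than alongside `../secrets/infrastructure.secret.json`; confirm it is excluded from version control (or vault-encrypted) before this merges, since the CI `Run Playbook` step will read it straight from the checkout. If the file holds only non-secret settings, the `.secret.json` suffix is misleading and a plain `ansible.json` would be the clearer name. The play's tasks continue outside the hunk.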
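Review bot: The new `backend "s3"` block sets `bucket`, `key` and `region` but neither state encryption nor state locking; add `encrypt = true` and a lock (`dynamodb_table = "<lock-table>"`, or `use_lockfile = true` on Terraform 1.10+) so the state file, which records resource attributes and can include secrets, is encrypted at rest and concurrent runs — the accompanying workflow runs `terraform init`/`plan` on every pull_request and push — cannot race on it. Hardcoding `region = "us-east-1"` in both the backend and the provider replaces the removed `var.aws_region` with two copies of the same value; keeping a single source (a `locals` entry, or `AWS_REGION` from the environment) avoids them drifting apart. Dropping `access_key`/`secret_key` from the provider in favour of the `AWS_*` environment variables the workflow exports is the right direction, and the natural next step is replacing the long-lived keys with GitHub OIDC federation via `aws-actions/configure-aws-credentials`. The file still ends without a trailing newline (`\ No newline at end of file`).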
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 6565f7e..e69de29 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,14 +0,0 @@
-variable "aws_region" {
- type = string
- description = "The AWS region things are created in."
-}
-
-variable "aws_access" {
- type = string
- description = "The access key to generate the Gitea instance."
-}
-
-variable "aws_secret" {
- type = string
- description = "The access secret to generate the Gitea instance."
-}
\ No newline at end of file