.github/workflows/deployment.yml

@@ -0,0 +1,84 @@
+name: Build & Deploy
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  infrastructure:
+    name: Build Infrastructure
+    runs-on: ubuntu-latest
+    env: 
+      RUNNER_TOOL_CACHE: /toolcache
+
+    steps:
+      - name: Checkout to Repository
+        uses: actions/checkout@v2
+
+      - name: Set-up Terraform
+        uses: hashicorp/setup-terraform@v2
+
+      - name: Format Terraform
+        run: terraform fmt -check
+        working-directory: ./terraform
+
+      - name: Initialize Terraform Back-end
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: terraform init
+        working-directory: ./terraform
+
+      - name: Terraform Plan
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: terraform plan -out=tfplan -no-color
+        working-directory: ./terraform
+
+      - name: Check if there are changes
+        id: check_changes
+        run: |
+          if [ -n "$(terraform show -no-color tfplan | grep -E 'No changes.')" ]; then
+            echo "No changes detected."
+            echo "::set-output name=changes::false"
+          else
+            echo "Changes detected."
+            echo "::set-output name=changes::true"
+          fi
+        working-directory: ./terraform
+
+      - name: Terraform Apply
+        if: ${{ (steps.check_changes.outputs.changes == 'true') && (github.ref == 'refs/heads/main') }}
+        run: terraform apply -auto-approve tfplan
+        working-directory: ./terraform
+  
+  build:
+    name: Deploy Application
+    runs-on: ubuntu-latest
+    env: 
+      RUNNER_TOOL_CACHE: /toolcache
+      
+    steps:
+      - name: Checkout to Repository
+        uses: actions/checkout@v4
+
+      - name: Use Python 3.13
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+          cache: pip
+      
+      - name: Install Dependencies
+        run: pip install -r requirements.txt
+
+      - name: Lint Playbooks
+        run: ansible-lint
+        working-directory: ./playbooks
+
+      - name: Run Playbook
+        if: ${{ github.ref == 'refs/heads/main' }}
+        run: ansible-playbook deployment.yml
+        working-directory: ./playbooks

playbooks/deployment.yml

@@ -1,7 +1,7 @@
 - name: Deploy artifact to instance.
   hosts: localhost
   vars_files:
-    - ../config/proxy.json
+    - ../config/ansible.secret.json
     - ../secrets/infrastructure.secret.json
   vars:
     ansible_connection: aws_ssm

terraform/provider.tf

@@ -1,11 +1,13 @@
 terraform {
   # The backend is stored in an S3 bucket.
-  backend "s3" {}
+  backend "s3" {
+    bucket = "tsuga-sieboldii"
+    key    = "proxy"
+    region = "us-east-1"
+  }
 }
 
 # Access AWS through the IaC roles.
 provider "aws" {
-  region     = var.aws_region
+  region = "us-east-1"
-  access_key = var.aws_access
-  secret_key = var.aws_secret
 }

terraform/variables.tf

@@ -1,14 +0,0 @@
-variable "aws_region" {
-  type        = string
-  description = "The AWS region things are created in."
-}
-
-variable "aws_access" {
-  type        = string
-  description = "The access key to generate the Gitea instance."
-}
-
-variable "aws_secret" {
-  type        = string
-  description = "The access secret to generate the Gitea instance."
-}