updating

CSVD · Aug 22, 2024 · 0fe2abb · 0fe2abb
1 parent 77037ba
commit 0fe2abb
Show file tree

Hide file tree

Showing 8 changed files with 147 additions and 40 deletions.
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
@@ -54,8 +54,6 @@ jobs:
         id: validate
         run: terraform validate
 
-      - name: Terraform Apply
-        id: apply
-        run: terraform apply -auto-approve
-        continue-on-error: true
-
+      - name: Terraform Auto Apply
+        uses: HappyPathway/terraform-apply@1.0.0
+
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/docker.tf b/docker.tf
@@ -0,0 +1,83 @@
+resource "aws_ecr_repository" "repo" {
+  name                 = "csvd-census-docker-repo"
+  image_tag_mutability = "MUTABLE"
+
+  image_scanning_configuration {
+    scan_on_push = true
+  }
+}
+
+locals {
+  image_config = [
+    {
+      enabled         = true
+      dest_path       = null
+      name            = "ubuntu/ubuntu"
+      source_image    = "ubuntu/ubuntu"
+      source_registry = "public.ecr.aws"
+      source_tag      = "edge"
+      tag             = "edge"
+    },
+  ]
+}
+
+module "images" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
+
+  profile = "docker-image-pipeline"
+  application_name = "docker-image-pipeline"
+  image_config     = local.image_config
+  tags             = {}
+
+  enable_lifecycle_policy = true
+  lifecycle_policy_all    = true
+  force_delete            = true
+}
+
+module "docker" {
+  source                    = "HappyPathway/image-pipeline/aws"
+  project_name              = "docker-image-pipeline"
+  builder_image             = "aws/codebuild/standard:7.0"
+  create_new_repo           = false
+  create_new_role           = true
+  create_vpc_endpoint       = false
+  ssh_user                  = "ec2-user"
+  terraform_version         = "1.8.5"
+  build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+  build_environment_variables = [
+    for proxy_var in keys(local.proxy_env_vars) :
+    {
+      name  = proxy_var,
+      value = lookup(local.proxy_env_vars, proxy_var),
+      type  = "PLAINTEXT"
+    }
+  ]
+  packer_source_type = "S3"
+  packer_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "docker-image-pipeline.zip"
+  }
+  ansible_source_type = "S3"
+  ansible_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-ansible-playbooks.zip"
+  }
+  playbook         = "hello-world.yaml"
+  goss_source_type = "S3"
+  goss_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-goss-testing.zip"
+  }
+  goss_profile = "base-test"
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  image = {
+    repo         = aws_ecr_repository.repo.name
+    tag          = "latest"
+    source_image = "public.ecr.aws/ubuntu/ubuntu:edge"
+  }
+}
+
+output docker_repo {
+  value = aws_ecr_repository.repo
+}
diff --git a/linux.tf b/linux.tf
@@ -37,11 +37,13 @@ module "amazon_linux" {
     name = aws_s3_bucket.assets_bucket.bucket
     key  = "image-pipeline-goss-testing.zip"
   }
-  goss_profile  = "base-test"
-  state         = local.state_config
-  vpc_config    = local.vpc_config
-  source_ami    = "ami-03fadeeea589a106b"
-  instance_type = "t2.micro"
+  goss_profile = "base-test"
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  ami = {
+    source_ami    = "ami-03fadeeea589a106b"
+    instance_type = "t2.micro"
+  }
 }
 
 output "linux_iam_arn" {

diff --git a/locals.tf b/locals.tf
@@ -33,4 +33,4 @@ locals {
     region         = local.vpc_config.region
     dynamodb_table = "tf_remote_state"
   }
-}
+}
diff --git a/main.tf b/main.tf
@@ -19,7 +19,8 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
     principals {
       type = "AWS"
       identifiers = [
-        module.amazon_linux.iam_arn
+        module.amazon_linux.iam_arn,
+        module.docker.iam_arn
       ]
     }
 

diff --git a/rhel.tf b/rhel.tf
@@ -23,8 +23,10 @@ module "rhel" {
   goss_repo    = data.aws_codecommit_repository.goss
   goss_profile = "rhel-base-test"
   # goss_profile  = "base-test"
-  state         = local.state_config
-  vpc_config    = local.vpc_config
-  source_ami    = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
-  instance_type = "t3.micro"              # x86_64 compatible instance type
+  state      = local.state_config
+  vpc_config = local.vpc_config
+  ami = {
+    source_ami    = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
+    instance_type = "t3.micro"              # x86_64 compatible instance type
+  }
 }
diff --git a/windows.tf b/windows.tf
@@ -25,13 +25,15 @@ module "windows" {
       type  = "PLAINTEXT"
     }
   ]
-  packer_repo   = data.aws_codecommit_repository.windows
-  ansible_repo  = data.aws_codecommit_repository.ansible
-  goss_repo     = data.aws_codecommit_repository.goss
-  goss_profile  = "windows-base-test"
-  state         = local.state_config
-  vpc_config    = local.vpc_config
-  source_ami    = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
-  instance_type = "t2.xlarge"             # x86_64 compatible instance type
+  packer_repo  = data.aws_codecommit_repository.windows
+  ansible_repo = data.aws_codecommit_repository.ansible
+  goss_repo    = data.aws_codecommit_repository.goss
+  goss_profile = "windows-base-test"
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  ami = {
+    source_ami    = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
+    instance_type = "t2.xlarge"             # x86_64 compatible instance type
+  }
 }