Linux pipeline s3 source (#9)

* migrating linux pipeline to s3 source * terraform fmt * updating --------- Co-authored-by: arnol377 <github-actions@census.gov>
CSVD · Aug 22, 2024 · 5b931f8 · 5b931f8
1 parent de6f184
commit 5b931f8
Show file tree

Hide file tree

Showing 8 changed files with 203 additions and 35 deletions.
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
@@ -0,0 +1,59 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Terraform Apply
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  push:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: [ aws-image-pipeline ]
+    env:
+      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+      AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+      AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+
+
+      - uses: CSVD/gh-actions-setup-node@v3
+        with:
+           node-version: 16
+
+      - uses: CSVD/gh-actions-setup-terraform@v2
+        with:
+          terraform_wrapper: false
+          terraform_version: "1.9.1"
+
+      - name: Terraform Format
+        id: fmt
+        run: |
+          terraform fmt -check
+
+      - name: Autoformat Halt
+        if: env.auto_format == 'true'
+        run: exit 1
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -upgrade
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+
+      - name: Terraform Auto Apply
+        uses: HappyPathway/terraform-apply@1.0.0
+
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/docker.tf b/docker.tf
@@ -0,0 +1,83 @@
+resource "aws_ecr_repository" "repo" {
+  name                 = "csvd-census-docker-repo"
+  image_tag_mutability = "MUTABLE"
+
+  image_scanning_configuration {
+    scan_on_push = true
+  }
+}
+
+locals {
+  image_config = [
+    {
+      enabled         = true
+      dest_path       = null
+      name            = "ubuntu/ubuntu"
+      source_image    = "ubuntu/ubuntu"
+      source_registry = "public.ecr.aws"
+      source_tag      = "edge"
+      tag             = "edge"
+    },
+  ]
+}
+
+module "images" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
+
+  profile = "docker-image-pipeline"
+  application_name = "docker-image-pipeline"
+  image_config     = local.image_config
+  tags             = {}
+
+  enable_lifecycle_policy = true
+  lifecycle_policy_all    = true
+  force_delete            = true
+}
+
+module "docker" {
+  source                    = "HappyPathway/image-pipeline/aws"
+  project_name              = "docker-image-pipeline"
+  builder_image             = "aws/codebuild/standard:7.0"
+  create_new_repo           = false
+  create_new_role           = true
+  create_vpc_endpoint       = false
+  ssh_user                  = "ec2-user"
+  terraform_version         = "1.8.5"
+  build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+  build_environment_variables = [
+    for proxy_var in keys(local.proxy_env_vars) :
+    {
+      name  = proxy_var,
+      value = lookup(local.proxy_env_vars, proxy_var),
+      type  = "PLAINTEXT"
+    }
+  ]
+  packer_source_type = "S3"
+  packer_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "docker-image-pipeline.zip"
+  }
+  ansible_source_type = "S3"
+  ansible_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-ansible-playbooks.zip"
+  }
+  playbook         = "hello-world.yaml"
+  goss_source_type = "S3"
+  goss_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-goss-testing.zip"
+  }
+  goss_profile = "base-test"
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  image = {
+    repo         = aws_ecr_repository.repo.name
+    tag          = "latest"
+    source_image = "public.ecr.aws/ubuntu/ubuntu:edge"
+  }
+}
+
+output docker_repo {
+  value = aws_ecr_repository.repo
+}
diff --git a/linux.tf b/linux.tf
@@ -37,11 +37,13 @@ module "amazon_linux" {
     name = aws_s3_bucket.assets_bucket.bucket
     key  = "image-pipeline-goss-testing.zip"
   }
-  goss_profile  = "base-test"
-  state         = local.state_config
-  vpc_config    = local.vpc_config
-  source_ami    = "ami-03fadeeea589a106b"
-  instance_type = "t2.micro"
+  goss_profile = "base-test"
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  ami = {
+    source_ami    = "ami-03fadeeea589a106b"
+    instance_type = "t2.micro"
+  }
 }
 
 output "linux_iam_arn" {

diff --git a/locals.tf b/locals.tf
@@ -33,4 +33,4 @@ locals {
     region         = local.vpc_config.region
     dynamodb_table = "tf_remote_state"
   }
-}
+}
diff --git a/main.tf b/main.tf
@@ -19,7 +19,8 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
     principals {
       type = "AWS"
       identifiers = [
-        module.amazon_linux.iam_arn
+        module.amazon_linux.iam_arn,
+        module.docker.iam_arn
       ]
     }
 

diff --git a/rhel.tf b/rhel.tf
@@ -23,8 +23,10 @@ module "rhel" {
   goss_repo    = data.aws_codecommit_repository.goss
   goss_profile = "rhel-base-test"
   # goss_profile  = "base-test"
-  state         = local.state_config
-  vpc_config    = local.vpc_config
-  source_ami    = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
-  instance_type = "t3.micro"              # x86_64 compatible instance type
+  state      = local.state_config
+  vpc_config = local.vpc_config
+  ami = {
+    source_ami    = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
+    instance_type = "t3.micro"              # x86_64 compatible instance type
+  }
 }
diff --git a/windows.tf b/windows.tf
@@ -25,13 +25,15 @@ module "windows" {
       type  = "PLAINTEXT"
     }
   ]
-  packer_repo   = data.aws_codecommit_repository.windows
-  ansible_repo  = data.aws_codecommit_repository.ansible
-  goss_repo     = data.aws_codecommit_repository.goss
-  goss_profile  = "windows-base-test"
-  state         = local.state_config
-  vpc_config    = local.vpc_config
-  source_ami    = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
-  instance_type = "t2.xlarge"             # x86_64 compatible instance type
+  packer_repo  = data.aws_codecommit_repository.windows
+  ansible_repo = data.aws_codecommit_repository.ansible
+  goss_repo    = data.aws_codecommit_repository.goss
+  goss_profile = "windows-base-test"
+  state        = local.state_config
+  vpc_config   = local.vpc_config
+  ami = {
+    source_ami    = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
+    instance_type = "t2.xlarge"             # x86_64 compatible instance type
+  }
 }