From 40a64e57ae4c0d03b4932da2b195590a05ec25f2 Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Thu, 8 Aug 2024 17:40:08 -0700
Subject: [PATCH 1/3] Update terraform-apply.yml
---
 .github/workflows/terraform-apply.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index b1944ec..8615845 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
-name: CI
+name: Terraform Apply
 # Controls when the workflow will run
 on:
From 7587e492f189000a2974ffb5040c5a003209b64d Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Thu, 8 Aug 2024 17:40:23 -0700
Subject: [PATCH 2/3] Update terraform-plan.yaml
---
 .github/workflows/terraform-plan.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml
index 0ae77c7..0071080 100644
--- a/.github/workflows/terraform-plan.yaml
+++ b/.github/workflows/terraform-plan.yaml
@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
-name: CI
+name: Terraform Plan
 # Controls when the workflow will run
 on:
From 31f631358487251ee61564673697fb9179fce689 Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Fri, 9 Aug 2024 15:08:10 -0700
Subject: [PATCH 3/3] S3 migration (#4)
* working on migrating repos to s3 objects
* Update code to migrate repositories to S3 objects
* updating
* adding ghe-runner configuration
* triaging
* fixing creds
* Update terraform-plan.yaml
---------
Co-authored-by: Dave Arnold
---
 .github/workflows/terraform-plan.yaml | 18 ++++++------------
 .gitignore | 1 +
 linux.tf | 20 ++++++++++++++------
 main.tf | 17 ++++++++++++++---
 rhel.tf | 13 -------------
 windows.tf | 16 ----------------
 6 files changed, 35 insertions(+), 50 deletions(-)
diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml
index 0071080..0c5a1a8 100644
--- a/.github/workflows/terraform-plan.yaml
+++ b/.github/workflows/terraform-plan.yaml
@@ -2,35 +2,29 @@
 name: Terraform Plan
+
 # Controls when the workflow will run
 on:
- # Triggers the workflow on push or pull request events but only for the "main" branch
 pull_request:
- branches: [ "main" ]
- # Allows you to run this workflow manually from the Actions tab
- workflow_dispatch:
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
 # This workflow contains a single job called "build"
 build:
 # The type of runner that the job will run on
- runs-on: [ image-pipeline ]
+ runs-on: [ aws-image-pipeline ]
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
 # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
 - uses: actions/checkout@v3
- - uses: hashicorp/setup-terraform@v3
- with:
- terraform_wrapper: false
- # Runs a set of commands using the runners shell
 - name: Run a multi-line script
+ env:
+ AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+ AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
+ AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
 run: |
 terraform init -upgrade
 terraform plan
- env:
- AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}
diff --git a/.gitignore b/.gitignore
index 2faf43d..d3e557e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+ghe-runner
diff --git a/linux.tf b/linux.tf
index 6cff4e7..2c6eb98 100644
--- a/linux.tf
+++ b/linux.tf
@@ -1,3 +1,7 @@
+moved {
+ from = module.main
+ to = module.amazon_linux
+}
 module "amazon_linux" {
 source = "HappyPathway/image-pipeline/aws"
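Review bot: `AWS_SESSION_TOKEN` is read from a repository secret, and a session token is by nature a short-lived credential, so this job will start failing with expired-token errors as soon as the pasted token ages out and all three secrets have to be rotated by hand; the "fixing creds" line in the commit message suggests that cycle has already begun. The durable fix is to stop storing static keys in the repository at all: grant `permissions: id-token: write` and assume a role through `aws-actions/configure-aws-credentials`, or, if `aws-image-pipeline` is a self-hosted runner on EC2 (not visible here), give the runner an instance profile and drop the `env` block entirely. Dropping `hashicorp/setup-terraform@v3` also means the job now depends on whatever `terraform` binary the runner image ships, so the Terraform version is no longer pinned by the workflow; a comment on the step such as `# terraform binary comes from the aws-image-pipeline runner image, not setup-terraform` makes that dependency explicit for the next reader.
```yaml
permissions:
  id-token: write
  contents: read
# … unchanged: on, jobs.build.runs-on, checkout step …
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "<PLACEHOLDER: ARN of the IAM role the plan job assumes>"
          aws-region: "<PLACEHOLDER: region>"
      - name: Run a multi-line script
        run: |
          terraform init -upgrade
          terraform plan
```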
@@ -18,7 +22,11 @@ module "amazon_linux" {
 type = "PLAINTEXT"
 }
 ]
- packer_repo = data.aws_codecommit_repository.linux
+ packer_source_type = "S3"
+ packer_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "linux-image-pipeline.zip"
+ }
 ansible_repo = data.aws_codecommit_repository.ansible
 goss_repo = data.aws_codecommit_repository.goss
 goss_profile = "base-test"
@@ -32,11 +40,11 @@ output "linux_iam_arn" {
 value = module.amazon_linux.iam_arn
 }
-output "linux_codebuild_user" {
- value = module.amazon_linux.build_user.name
-}
-
 output "linux_parameters" {
 value = keys(module.amazon_linux.parameters)
 sensitive = true
-}
\ No newline at end of file
+}
+
+output linux_bucket {
+ value = module.amazon_linux.s3_bucket
+}
diff --git a/main.tf b/main.tf
index fac9b5d..715c85e 100644
--- a/main.tf
+++ b/main.tf
@@ -4,9 +4,17 @@ resource "aws_s3_bucket" "state_bucket" {
 bucket = "inf-test-${random_uuid.random.result}"
 }
-resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
- bucket = aws_s3_bucket.state_bucket.bucket
+resource "aws_s3_bucket" "assets_bucket" {
+ bucket = "image-pipeline-assets"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
+ for_each = tomap({
+ state_bucket = aws_s3_bucket.state_bucket.bucket
+ assets_bucket = aws_s3_bucket.assets_bucket.bucket
+ })
+ bucket = each.value
 rule {
 apply_server_side_encryption_by_default {
 sse_algorithm = "aws:kms"
@@ -18,7 +26,10 @@ data "aws_iam_policy_document" "s3_access" {
 statement {
 effect = "Allow"
 actions = ["s3:*"]
- resources = ["*"]
+ resources = [
+ aws_s3_bucket.state_bucket.arn,
+ aws_s3_bucket.assets_bucket.arn
+ ]
 }
 }
diff --git a/rhel.tf b/rhel.tf
index 3aba4c1..d51e331 100644
--- a/rhel.tf
+++ b/rhel.tf
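Review bot: `key = "linux-image-pipeline.zip"` points at an object that nothing in this series creates — the diffstat lists no `aws_s3_object` resource or packaging step — so on a fresh apply the `amazon_linux` module presumably finds an empty `assets_bucket` and the Packer stage fails until someone uploads the archive by hand. Either manage the archive here (an `aws_s3_object` in `assets_bucket` with that key) or record the manual step next to the key, e.g. `key = "linux-image-pipeline.zip" # uploaded out of band, not managed by this configuration`. `ansible_repo` and `goss_repo` still read from CodeCommit, so only the Packer source has moved; a one-line comment saying the remaining sources are still on CodeCommit would stop the next reader hunting for missing S3 keys. The enclosing `module "amazon_linux"` block starts and ends outside this hunk.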
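Review bot: `output linux_bucket {` uses an unquoted block label while every other output in this file (`"linux_iam_arn"`, `"linux_parameters"`) quotes it; `terraform fmt` rewrites the label to `output "linux_bucket" {`, so the next formatting pass will churn this line. The value also assumes the `HappyPathway/image-pipeline/aws` module exposes an `s3_bucket` output — its `source` line is unchanged in this series and no version bump is visible — so confirm the attribute exists or `plan` will fail with an unsupported-attribute error. A `description = "S3 bucket the amazon_linux pipeline reads its Packer source from"` would also make the new output self-explaining alongside the others.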
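Review bot: turning `state_bucket_encryption` into a `for_each` resource changes its address from `aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption` to `...state_bucket_encryption["state_bucket"]`, and this hunk adds no `moved` block for it, so the next plan will destroy and recreate the encryption configuration on the state bucket — the series does add a `moved` block in linux.tf for the module rename, but not here. Separately, `assets_bucket` uses the fixed name `"image-pipeline-assets"` where `state_bucket` carries a `random_uuid` suffix; S3 bucket names are global, so the apply fails if any other account already owns that name. No `aws_s3_bucket_public_access_block` or versioning for the new bucket is visible in this hunk; if they live elsewhere, ignore this, otherwise the assets bucket should get the same treatment as the state bucket.
```hcl
moved {
  from = aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption
  to   = aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption["state_bucket"]
}
# … unchanged: assets_bucket and the for_each encryption resource …
```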
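Review bot: the new `resources` list holds only the two bucket ARNs, and a bucket ARN does not match object-level actions (`s3:GetObject`/`s3:PutObject` are evaluated against `arn:aws:s3:::bucket/key`), so with `actions = ["s3:*"]` this statement now grants bucket operations such as listing but no longer grants reading or writing the `linux-image-pipeline.zip` object the pipeline fetches. Add the object ARNs alongside the bucket ARNs: `"${aws_s3_bucket.state_bucket.arn}/*",` and `"${aws_s3_bucket.assets_bucket.arn}/*"`. Narrowing from `"*"` is the right direction; once the pipeline's actual calls are known, `s3:*` can be reduced to the list/get/put actions it needs. The enclosing `data "aws_iam_policy_document" "s3_access"` block starts outside this hunk.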
@@ -27,16 +27,3 @@ module "rhel" {
 source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI
 instance_type = "t3.micro" # x86_64 compatible instance type
 }
-
-output "rhel_iam_arn" {
- value = module.amazon_linux.iam_arn
-}
-
-output "rhel_codebuild_user" {
- value = module.amazon_linux.build_user.name
-}
-
-output "rhel_parameters" {
- value = keys(module.amazon_linux.parameters)
- sensitive = true
-}
\ No newline at end of file
diff --git a/windows.tf b/windows.tf
index c7834d3..3448477 100644
--- a/windows.tf
+++ b/windows.tf
@@ -35,19 +35,3 @@ module "windows" {
 instance_type = "t2.xlarge" # x86_64 compatible instance type
 }
-output "winrm_password" {
- value = nonsensitive(random_password.winrm.result)
-}
-
-output "windows_iam_arn" {
- value = module.amazon_linux.iam_arn
-}
-
-output "windows_codebuild_user" {
- value = module.amazon_linux.build_user.name
-}
-
-output "windows_parameters" {
- value = keys(module.amazon_linux.parameters)
- sensitive = true
-}
\ No newline at end of file