From 8823b2f3939202ca3875e266330d7bfeacb5775d Mon Sep 17 00:00:00 2001
From: arnol377
Date: Wed, 14 Aug 2024 18:08:18 -0400
Subject: [PATCH 1/3] migrating linux pipeline to s3 source
---
 linux.tf | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/linux.tf b/linux.tf
index 68c49c7..4091065 100644
--- a/linux.tf
+++ b/linux.tf
@@ -11,7 +11,6 @@ module "amazon_linux" {
 create_new_role = true
 create_vpc_endpoint = true
 ssh_user = "ec2-user"
- playbook = "hello-world.yaml"
 terraform_version = "1.8.5"
 build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
 build_environment_variables = [
@@ -27,8 +26,17 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "linux-image-pipeline.zip"
 }
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
+ ansible_source_type = "S3"
+ ansible_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-ansible-playbooks.zip"
+ }
+ playbook = "hello-world.yaml"
+ goss_source_type = "S3"
+ goss_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-goss-testing.zip"
+ }
 goss_profile = "base-test"
 state = local.state_config
 vpc_config = local.vpc_config
From 77037ba914cee9c1aa188d1fa7e149b81d191b55 Mon Sep 17 00:00:00 2001
From: arnol377
Date: Wed, 14 Aug 2024 18:09:53 -0400
Subject: [PATCH 2/3] terraform fmt
---
 linux.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux.tf b/linux.tf
index 4091065..a248f92 100644
--- a/linux.tf
+++ b/linux.tf
@@ -31,7 +31,7 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-ansible-playbooks.zip"
 }
- playbook = "hello-world.yaml"
+ playbook = "hello-world.yaml"
 goss_source_type = "S3"
 goss_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket
From 0fe2abb1076efeed802817711dd2f6b663dec758 Mon Sep 17 00:00:00 2001
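Review bot: In the second linux.tf hunk of PATCH 1/3, `ansible_bucket` and `goss_bucket` identify the build inputs by a fixed object key only, so the archive the pipeline unpacks and runs is whatever was last written to `image-pipeline-ansible-playbooks.zip` and `image-pipeline-goss-testing.zip`. The CodeCommit references they replace carried commit history; an S3 key has none unless versioning is enabled on `aws_s3_bucket.assets_bucket`, and that bucket's configuration is not part of this patch. I would confirm versioning and a write policy limited to the publishing identity, and leave a comment at each block such as `# build input: a write to this key changes what the next image build executes`. The `module "amazon_linux"` block starts and ends outside the hunk.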
From: arnol377
Date: Thu, 22 Aug 2024 14:02:38 -0400
Subject: [PATCH 3/3] updating
---
 .github/workflows/terraform-apply.yml | 8 +--
 .terraform.lock.hcl | 51 ++++++++++------
 docker.tf | 83 +++++++++++++++++++++++++++
 linux.tf | 12 ++--
 locals.tf | 2 +-
 main.tf | 3 +-
 rhel.tf | 10 ++--
 windows.tf | 18 +++---
 8 files changed, 147 insertions(+), 40 deletions(-)
 create mode 100644 docker.tf
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index 8b2c3b1..e1289f6 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -54,8 +54,6 @@ jobs:
 id: validate
 run: terraform validate
- - name: Terraform Apply
- id: apply
- run: terraform apply -auto-approve
- continue-on-error: true
-
+ - name: Terraform Auto Apply
+ uses: HappyPathway/terraform-apply@1.0.0
+
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 0ff7389..370d37e 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
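Review bot: In .github/workflows/terraform-apply.yml, the new step `uses: HappyPathway/terraform-apply@1.0.0` references the action by tag, and a tag can be moved to different code after this commit is reviewed. This is the step that applies infrastructure changes, so it presumably runs with whatever cloud credentials the job holds; those are configured outside the hunk. Pinning to the full commit hash keeps the reviewed code and the executed code the same: `uses: HappyPathway/terraform-apply@<full-commit-sha> # 1.0.0`. The new step also has no `id`, where the removed one had `id: apply`, so any later step that reads `steps.apply` would need checking.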
@@ -2,25 +2,44 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.62.0" + version = "5.63.0" constraints = ">= 4.20.1" hashes = [ - "h1:8tevkFG+ea/sNZYiQ2GQ02hknPcWBukxkrpjRCodQC0=", - "zh:1f366cbcda72fb123015439a42ab19f96e10ce4edb404273f4e1b7e06da20b73", - "zh:25f098454a34b483279e0382b24b4f42e51c067222c6e797eda5d3ec33b9beb1", - "zh:4b59d48b527e3cefd73f196853bfc265b3e1e57b55c1c8a2d12ff6e3534b4f07", - "zh:7bb88c1ca95e2b3f0f1fe8636925133b9813fc5b137cc467ba6a233ddf4b360e", - "zh:8a93dece40e816c92647e762839d0370e9cad2aa21dc4ca95baee9385f116459", - "zh:8dfe82c55ab8f633c1e2a39c687e9ca8c892d1c2005bf5166ac396ce868ecd05", + "h1:mhVxzwfSZVxPJNZsr1fvKZe51+48BdM7pzWChVQ4v68=", + "zh:21f3a6870dd80b8312b6aac28784b29a7c2cf072175f0de943f09bddbf14cad6", + "zh:28feb0621baeaa9b6992a6209fd0d7ad1c665b1dd895123f2fd36d91d69d116f", + "zh:301d51b398c3e3488ea2b63defeb254436854c83046d9fc5ca129b13faaa4319", + "zh:343e89645a2b23363226e2e0571639637ac1ddf7fa8c562bf883b17c8ad30d7d", + "zh:56c89148fc105a1bf32ffcd574ec1e679144377ea26c9ae4211dd491a3def358", + "zh:5e3b88e3eb28b23819126d43b191a2bda28a09d7690aee7e577b3b6235c4824a", + "zh:64c21f3b38a8f0f0ef8b938df71cde76d77e010236bb6a0b46f66daa6cab6f99", + "zh:6869e5fafe6535954ac75ece63e9765d6b12d1752b54cf9639a01585f1a5583e", + "zh:90a6894868c585a5abf00e784723d74ea80aff3d0403b36028c4b08c5c4894d6", + "zh:92e9e4b7c183e518c1decd0fbc780e9f1941d05710c9c20329c78556a7f0adac", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a754952d69b4860480d5207390e3ab42350c964dbca9a5ac0c6912dd24b4c11d", - "zh:b2a4dbf4abee0e9ec18c5d323b99defdcd3c681f8c4306fb6e02cff7de038f85", - "zh:b57d84be258b571c04271015f03858ab215768b82e47c11ecd86e789d577030a", - "zh:be811b03289407c8d59e6b199bf16e6071165565ffe502148172d0886cf849c4", - "zh:d4144c7366c840eff1ac15ba13d96063f798f0983d24053a832362033624fe6f", - "zh:d88612856d453c4e10c49c76e4ef522b7d068b4f7c3e2e0b03dd74540986eecd", - 
"zh:e8bd231a5d0786cc4aab8471bb6dabd5a5df1c598afda077a9f27987ada57b67", - "zh:ffb40a66b4d000a8ee4c54227eeb998f887ad867419c3af7d3981587788de074", + "zh:bbc053d060d4f6e95ef60549a0e92487fbbd88807f8161507cc389edc7dde0f7", + "zh:cfd8e88029a2fdafdfa77688f966705ade9211d173cbb6aa1552839c9993c19a", + "zh:d291875c26a6a05b60e02f1481c296269080232fa0ae86cce5caa04a6df82ed6", + "zh:f42f0b81587de0c51859e37cd671c442d8eaf42558d83c6421b1e46549576f89", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + hashes = [ + "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", ] } diff --git a/docker.tf b/docker.tf new file mode 100644 index 0000000..951851c --- /dev/null +++ b/docker.tf 
@@ -0,0 +1,83 @@
+resource "aws_ecr_repository" "repo" {
+ name = "csvd-census-docker-repo"
+ image_tag_mutability = "MUTABLE"
+
+ image_scanning_configuration {
+ scan_on_push = true
+ }
+}
+
+locals {
+ image_config = [
+ {
+ enabled = true
+ dest_path = null
+ name = "ubuntu/ubuntu"
+ source_image = "ubuntu/ubuntu"
+ source_registry = "public.ecr.aws"
+ source_tag = "edge"
+ tag = "edge"
+ },
+ ]
+}
+
+module "images" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
+
+ profile = "docker-image-pipeline"
+ application_name = "docker-image-pipeline"
+ image_config = local.image_config
+ tags = {}
+
+ enable_lifecycle_policy = true
+ lifecycle_policy_all = true
+ force_delete = true
+}
+
+module "docker" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "docker-image-pipeline"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ create_vpc_endpoint = false
+ ssh_user = "ec2-user"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) :
+ {
+ name = proxy_var,
+ value = lookup(local.proxy_env_vars, proxy_var),
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_source_type = "S3"
+ packer_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "docker-image-pipeline.zip"
+ }
+ ansible_source_type = "S3"
+ ansible_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-ansible-playbooks.zip"
+ }
+ playbook = "hello-world.yaml"
+ goss_source_type = "S3"
+ goss_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-goss-testing.zip"
+ }
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ image = {
+ repo = aws_ecr_repository.repo.name
+ tag = "latest"
+ source_image = "public.ecr.aws/ubuntu/ubuntu:edge"
+ }
+}
+
+output docker_repo {
+ value = aws_ecr_repository.repo
+}
diff --git a/linux.tf b/linux.tf
index a248f92..33cc29c 100644
--- a/linux.tf
+++ b/linux.tf
@@ -37,11 +37,13 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-goss-testing.zip"
 }
- goss_profile = "base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-03fadeeea589a106b"
- instance_type = "t2.micro"
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ ami = {
+ source_ami = "ami-03fadeeea589a106b"
+ instance_type = "t2.micro"
+ }
 }
 output "linux_iam_arn" {
diff --git a/locals.tf b/locals.tf
index 6c28027..2828814 100644
--- a/locals.tf
+++ b/locals.tf
@@ -33,4 +33,4 @@ locals {
 region = local.vpc_config.region
 dynamodb_table = "tf_remote_state"
 }
-}
\ No newline at end of file
+}
diff --git a/main.tf b/main.tf
index d71cdfd..e77926c 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,8 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
 principals {
 type = "AWS"
 identifiers = [
- module.amazon_linux.iam_arn
+ module.amazon_linux.iam_arn,
+ module.docker.iam_arn
 ]
 }
diff --git a/rhel.tf b/rhel.tf
index d7de2da..0b2e5bf 100644
--- a/rhel.tf
+++ b/rhel.tf
@@ -23,8 +23,10 @@ module "rhel" {
 goss_repo = data.aws_codecommit_repository.goss
 goss_profile = "rhel-base-test"
 # goss_profile = "base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
- instance_type = "t3.micro" # x86_64 compatible instance type
+ state = local.state_config
+ vpc_config = local.vpc_config
+ ami = {
+ source_ami = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
+ instance_type = "t3.micro" # x86_64 compatible instance type
+ }
 }
diff --git a/windows.tf b/windows.tf
index 3448477..573cc8d 100644
--- a/windows.tf
+++ b/windows.tf
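Review bot: In the new docker.tf, every input to the image build floats: the base image is `public.ecr.aws/ubuntu/ubuntu:edge`, the result is pushed as `tag = "latest"` into a repository with `image_tag_mutability = "MUTABLE"`, and `module "docker"` has no `version` argument. A rebuild can therefore publish different content under the same tag, and a `scan_on_push` result for one push says nothing about the image that tag points to later. I would pin the base image to a dated release tag (or a digest, if the module accepts one), push a unique tag per build, set `image_tag_mutability = "IMMUTABLE"`, and add `version = "<pinned module version>"` to the module block, since `.terraform.lock.hcl` records providers only. The `?ref=tf-upgrade` on `module "images"` looks like a branch name; if it is, a tag or commit would be the stable reference.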
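Review bot: In main.tf, `module.docker.iam_arn` is added as a principal of `assets_bucket_policy_document`, but the statement's `actions` and `resources` lie outside the hunk, so what the new role is granted cannot be read from this patch. The same bucket now holds the packer, Ansible and Goss archives that both the linux and docker builds consume, so a build role that can write there could alter another pipeline's inputs. If the statement is not already read-only, I would narrow it, for example `actions = ["s3:GetObject"]` with `resources` limited to the archive keys each pipeline reads.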
@@ -25,13 +25,15 @@ module "windows" {
 type = "PLAINTEXT"
 }
 ]
- packer_repo = data.aws_codecommit_repository.windows
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
- goss_profile = "windows-base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
- instance_type = "t2.xlarge" # x86_64 compatible instance type
+ packer_repo = data.aws_codecommit_repository.windows
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "windows-base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ ami = {
+ source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
+ instance_type = "t2.xlarge" # x86_64 compatible instance type
+ }
 }