From 1078814f30348707b70318fffc126aabb5d69abc Mon Sep 17 00:00:00 2001 
From: Your Name
Date: Fri, 13 Jun 2025 13:39:27 -0400
Subject: [PATCH] Update Terraform configurations and add Packer pipeline template
---
 .terraform_commits | 36 +++++++++++++
 backend.tf | 1 -
 config_packer.hcl | 54 +++++++++++++++++++
 iam.tf | 5 ++
 imports.tf | 10 ++++
 main.tf | 27 ++++++++--
 terraform_data_dirs/csvd/environment | 1 +
 terraform_data_dirs/csvd/modules/ecr-clone | 1 +
 .../csvd/modules/github-runner | 1 +
 terraform_data_dirs/csvd/modules/modules.json | 1 +
 .../hashicorp/aws/5.70.0/linux_amd64 | 1 +
 .../hashicorp/dns/3.4.2/linux_amd64 | 1 +
 .../hashicorp/github/6.3.1/linux_amd64 | 1 +
 .../hashicorp/null/3.2.3/linux_amd64 | 1 +
 .../hashicorp/random/3.6.3/linux_amd64 | 1 +
 .../sct-engineering/modules/github-runner | 1 +
 .../sct-engineering/modules/modules.json | 1 +
 .../hashicorp/aws/5.70.0/linux_amd64 | 1 +
 .../hashicorp/dns/3.4.2/linux_amd64 | 1 +
 .../hashicorp/github/6.3.1/linux_amd64 | 1 +
 .../hashicorp/local/2.5.2/linux_amd64 | 1 +
 .../hashicorp/null/3.2.3/linux_amd64 | 1 +
 .../hashicorp/random/3.6.3/linux_amd64 | 1 +
 varfiles/csvd.json | 4 ++
 varfiles/csvd.tfvars | 4 +-
 varfiles/sct-engineering.json | 5 ++
 varfiles/sct-engineering.tfvars | 3 ++
 27 files changed, 161 insertions(+), 5 deletions(-)
 create mode 100644 config_packer.hcl
 create mode 100644 imports.tf
 create mode 100644 terraform_data_dirs/csvd/environment
 create mode 160000 terraform_data_dirs/csvd/modules/ecr-clone
 create mode 160000 terraform_data_dirs/csvd/modules/github-runner
 create mode 100644 terraform_data_dirs/csvd/modules/modules.json
 create mode 120000 terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
 create mode 120000 terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
 create mode 120000 terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
 create mode 120000 terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
 create mode 
120000 terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
 create mode 160000 terraform_data_dirs/sct-engineering/modules/github-runner
 create mode 100644 terraform_data_dirs/sct-engineering/modules/modules.json
 create mode 120000 terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
 create mode 120000 terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
 create mode 120000 terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
 create mode 120000 terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64
 create mode 120000 terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
 create mode 120000 terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
 create mode 100644 varfiles/csvd.json
 create mode 100644 varfiles/sct-engineering.json
diff --git a/.terraform_commits b/.terraform_commits
index ac8b9a1..46ed4df 100644
--- a/.terraform_commits
+++ b/.terraform_commits
@@ -34,5 +34,41 @@
 "commit_message": "Refactor default.auto.tfvars and main.tf",
 "author": "arnol377",
 "timestamp": "2025-03-27T16:21:05.154328"
+ },
+ {
+ "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+ "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+ "author": "arnol377",
+ "timestamp": "2025-04-18T15:43:00.974992"
+ },
+ {
+ "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+ "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+ "author": "arnol377",
+ "timestamp": "2025-04-18T15:49:00.568207"
+ },
+ {
+ "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+ "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+ "author": "arnol377",
+ "timestamp": "2025-04-18T16:32:16.503568"
+ },
+ {
+ "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+ "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+ "author": "arnol377",
+ "timestamp": "2025-05-05T14:01:24.078604"
+ },
+ {
+ "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+ "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+ "author": "arnol377",
+ "timestamp": "2025-05-05T14:34:49.711580"
+ },
+ {
+ "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+ "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+ "author": "arnol377",
+ "timestamp": "2025-05-20T13:49:56.129780"
 }
 ]
\ No newline at end of file
diff --git a/backend.tf b/backend.tf
index 54ce7cf..7282c36 100644
--- a/backend.tf
+++ b/backend.tf
@@ -3,6 +3,5 @@ terraform {
 bucket = "inf-tfstate-229685449397"
 key = "csvd-dev-gov/common/apps/ghe-runner"
 region = "us-gov-east-1"
- dynamodb_table = "tf_remote_state"
 }
 }
diff --git a/config_packer.hcl b/config_packer.hcl
new file mode 100644
index 0000000..a97b977
--- /dev/null
+++ b/config_packer.hcl
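Review bot: Dropping `dynamodb_table` from the S3 backend leaves applies against `csvd-dev-gov/common/apps/ghe-runner` with no state lock, so two concurrent runs (a CI job and an operator, or the two workspaces) can interleave writes to the same state object. If the intent is to retire the DynamoDB table, add `use_lockfile = true` inside the same backend block so the S3 backend locks via a `.tflock` object (Terraform 1.10+); otherwise keep the table until that is in place. The enclosing `terraform { backend "s3" { … } }` block starts outside the hunk.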
@@ -0,0 +1,54 @@
+// Packer Pipeline Configuration Template
+// Generated by packer-pipeline
+
+packer_pipeline {
+ // Required parameters
+ repo_path = "./my-packer-repo" // Path to the local repository to upload
+ packer_vars_file = "vars.pkrvars.hcl" // Path to the Packer variables file (.pkrvars.hcl or .json)
+ packer_template_file = "template.pkr.hcl" // Relative path within the repo to the Packer template
+ s3_bucket = "my-packer-artifacts" // Name of the S3 bucket for artifacts
+ assets_bucket = "my-packer-assets" // Name of the S3 bucket containing tool assets
+ codebuild_project_name = "packer-pipeline-project" // Name for the CodeBuild project
+
+ // Tool Configuration
+ tools = [
+ {
+ name = "packer"
+ version = "1.9.4"
+ zip_path = "packer_1.9.4_linux_amd64.zip"
+ binary_name = "packer"
+ install_path = "/usr/local/bin"
+ }
+ ]
+
+ // AWS Account Configuration (Optional)
+ account_number = "123456789012" // AWS account number
+ partition = "aws-us-gov" // AWS partition (aws or aws-us-gov)
+
+ // Role Management (choose one)
+ create_role = True // Enable automatic role creation
+ // codebuild_role_arn = "" // OR specify an existing role ARN
+
+ // Region Configuration
+ aws_region = "us-gov-west-1" // AWS region
+ gov_cloud = True // Use AWS GovCloud partition (auto-detected from region if not set)
+
+ // Optional Configuration
+ s3_key_prefix = "packer-builds/" // Prefix for S3 keys
+ compute_type = "BUILD_GENERAL1_SMALL" // CodeBuild compute type
+ image = "aws/codebuild/amazonlinux2-x86_64-standard:4.0" // CodeBuild image
+ buildspec_template = "buildspec.yml.j2" // Buildspec template file
+
+ // Directory Exclusions
+ exclude_dirs = ['.git', 'node_modules', 'dist', 'build']
+
+ // VPC Configuration (Optional)
+ vpc_config {
+ vpc_id = "vpc-00576a396ec570b94" // VPC ID
+ subnet_ids = ['subnet-0b1992a84536c581b'] // List of subnet IDs
+ security_group_ids = ['sg-0641c697588b9aa6b'] // List of security group IDs
+ }
+
+ // Environment Variables 
(Optional)
+ environment_variables = {'EXAMPLE_VAR': 'value'}
+}
\ No newline at end of file
diff --git a/iam.tf b/iam.tf
index c9cc76a..a2af178 100644
--- a/iam.tf
+++ b/iam.tf
@@ -4,3 +4,8 @@ resource "aws_iam_policy" "policy" {
 description = "Enables Github Actions access to State Config"
 policy = file("${path.module}/iam_policy/session_configuration.json")
 }
+
+# import {
+# id = "arn:aws-us-gov:iam::229685449397:policy/SCT-Engineering-state-access"
+# to = aws_iam_policy.policy
+# }
\ No newline at end of file
diff --git a/imports.tf b/imports.tf
new file mode 100644
index 0000000..43a60d0
--- /dev/null
+++ b/imports.tf
@@ -0,0 +1,10 @@
+# import {}
+
+# module.github-runner.aws_iam_policy.secretsmanager_policy
+# module.github-runner.aws_iam_policy.certs_policy[0]
+# module.github-runner.aws_iam_role.ecs_task_role
+# module.github-runner.aws_iam_role.ecs_task_execution_role
+#import {
+# to = aws_ecs_cluster.github-runner[0]
+# id = "ecs-ghe-runners-us-gov-west-1"
+#}
diff --git a/main.tf b/main.tf
index 4b70aef..31c447c 100644
--- a/main.tf
+++ b/main.tf
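Review bot: The new config_packer.hcl is not valid HCL as written: `create_role = True` and `gov_cloud = True` use a capitalised, Python-style boolean (HCL only has `true`/`false`; a bare `True` parses as a reference), `exclude_dirs = ['.git', 'node_modules', 'dist', 'build']` and the `subnet_ids`/`security_group_ids` lists use single-quoted strings, and `environment_variables = {'EXAMPLE_VAR': 'value'}` is a Python dict literal rather than an HCL object. Unless packer-pipeline ships its own parser that accepts these forms — in which case the header comment should say so — the lines should read `create_role = true`, `exclude_dirs = [".git", "node_modules", "dist", "build"]` and `environment_variables = { EXAMPLE_VAR = "value" }`, with the same quoting fix inside `vpc_config`. Separately, the file presents itself as a generated template and uses a placeholder account number, yet `vpc_id`, `subnet_ids` and `security_group_ids` carry what look like real environment identifiers; either replace them with placeholders like the account number or move the real values to an environment-specific file so the template stays environment-neutral. The file also lacks a trailing newline.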
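Review bot: The `import` block added to iam.tf is entirely commented out, as is the whole of the new imports.tf, so the commit introduces no functional import and leaves two copies of the same scaffolding to drift apart. If the one-time adoption of the existing state-access policy is still pending, put a single live `import { to = aws_iam_policy.policy  id = "<policy ARN from this hunk>" }` in imports.tf and remove it once it has been applied, since import blocks are one-shot; if it has already been applied, delete both. If they are to stay as notes, a comment such as `# reference only: resources already imported into state; see imports.tf` would explain why commented-out code is being kept. The `resource "aws_iam_policy" "policy"` block begins outside the hunk.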
@@ -97,12 +97,31 @@ locals {
 ]
 }
+
+module "ecr-clone" {
+ source = "HappyPathway/ecr-clone/aws"
+ registry_name = "github-runners"
+ image_config = [
+ {
+ enabled = true
+ dest_path = null
+ name = var.image_name
+ source_image = "h1g9x7n8/${var.image_name}"
+ source_registry = "public.ecr.aws"
+ source_tag = var.image_version
+ tag = var.image_version
+ }
+ ]
+ tags = {}
+}
+
+
 
 module "github-runner" {
 # for_each = toset([for repo in local.all_repos : repo])
 source = "HappyPathway/github-runner/ecs"
 ecs_cluster = local.ecs_cluster.name
 hostname = var.repo_org
- image = "229685449397.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/github-runners/${var.image_name}:${var.image_version}"
+ image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/github-runners/${var.image_name}:${var.image_version}"
 repo_org = var.repo_org
 # repo_name = each.value
 namespace = "${lower(var.repo_org)}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
@@ -126,7 +145,8 @@ module "github-runner" {
 "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}",
 data.aws_caller_identity.current.account_id,
 data.aws_region.current.name,
- "ecs-github-runner"
+ "ecs-github-runner",
+ "ubuntu-latest"
 ]
 certs = var.certs
 network_configuration = {
@@ -137,7 +157,8 @@ module "github-runner" {
 tag = "github-runner"
 depends_on = [
 aws_iam_policy.policy,
- aws_ecs_cluster.github-runner
+ aws_ecs_cluster.github-runner,
+ module.ecr-clone
 ]
 }
 
diff --git a/terraform_data_dirs/csvd/environment b/terraform_data_dirs/csvd/environment
new file mode 100644
index 0000000..456fbda
--- /dev/null
+++ b/terraform_data_dirs/csvd/environment
@@ -0,0 +1 @@
+sct-engineering
\ No newline at end of file
diff --git a/terraform_data_dirs/csvd/modules/ecr-clone b/terraform_data_dirs/csvd/modules/ecr-clone
new file mode 160000
index 0000000..8fa1857
--- /dev/null
+++ b/terraform_data_dirs/csvd/modules/ecr-clone
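Review bot: `module "ecr-clone"` carries no `version` constraint, so `source = "HappyPathway/ecr-clone/aws"` resolves to whatever the registry serves at `terraform init` time, and a future release of this third-party module would run under whatever credentials this pipeline applies with, without any change appearing in the repository; the modules.json checked in by the same commit shows it resolved to 0.0.30, so `version = "0.0.30"` (or a `~> 0.0.30` range) is the line to add. The context lines show the pre-existing `module "github-runner"` source is unpinned in the same way. The clone is also keyed on a mutable tag (`source_tag = var.image_version` pulled from `public.ecr.aws`), so the image copied into the private registry can change with no plan diff; if the module exposes a digest field, prefer it, and otherwise record the digest that was actually cloned somewhere reviewable.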
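Review bot: Adding `"ubuntu-latest"` to what looks like the runner label set (the list's attribute name is outside the hunk) makes every job in the org that declares `runs-on: ubuntu-latest` eligible to land on these self-hosted ECS runners, including jobs whose authors assume an ephemeral GitHub-hosted VM, which widens what executes inside this account's network and under the task role. If the purpose is to catch existing workflows on an instance that has no hosted runners, say so on the line, e.g. `"ubuntu-latest" # route hosted-runner jobs here: no GitHub-hosted runners on this instance`, and confirm from the runner module — not visible in this hunk — that each task serves a single job, so consecutive jobs do not share a filesystem or cached credentials. The enclosing `module "github-runner"` block starts and ends outside the hunk.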
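Review bot: `terraform_data_dirs/csvd/environment` is created with the single value `sct-engineering`, while a separate `terraform_data_dirs/sct-engineering/` tree is added in this same commit, so the csvd data directory appears to be tagged with the wrong environment; if this file is what selects the varfile or workspace, csvd runs would pick up the SCT-Engineering settings. Confirm the intended value (presumably `csvd`) and document, in the repository README or a comment next to whatever reads it, what this file controls. The neighbouring entries in this tree are symlinks to `/data/terraform/workspaces/arnol377/terraform-plugin-cache/...`, a per-user absolute path that will dangle on any other checkout, which suggests the whole `terraform_data_dirs` tree is local tooling output that belongs in `.gitignore` rather than in the commit.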
@@ -0,0 +1 @@
+Subproject commit 8fa1857eb18dcd1a79243743cbecca95b5b06b68
diff --git a/terraform_data_dirs/csvd/modules/github-runner b/terraform_data_dirs/csvd/modules/github-runner
new file mode 160000
index 0000000..88edaff
--- /dev/null
+++ b/terraform_data_dirs/csvd/modules/github-runner
@@ -0,0 +1 @@
+Subproject commit 88edaff4267e5d8e43f42e22124154613e79477b
diff --git a/terraform_data_dirs/csvd/modules/modules.json b/terraform_data_dirs/csvd/modules/modules.json
new file mode 100644
index 0000000..d52bb4c
--- /dev/null
+++ b/terraform_data_dirs/csvd/modules/modules.json
@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"ecr-clone","Source":"registry.terraform.io/HappyPathway/ecr-clone/aws","Version":"0.0.30","Dir":"/data/terraform/workspaces/arnol377/git/ghe-runner/terraform_data_dirs/csvd/modules/ecr-clone"},{"Key":"github-runner","Source":"registry.terraform.io/HappyPathway/github-runner/ecs","Version":"0.0.92","Dir":"/data/terraform/workspaces/arnol377/git/ghe-runner/terraform_data_dirs/csvd/modules/github-runner"}]}
\ No newline at end of file
diff --git a/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64 b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
new file mode 120000
index 0000000..40fb43e
--- /dev/null
+++ b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64 b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
new file mode 120000
index 0000000..33544c3
--- /dev/null
+++ b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64 b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
new file mode 120000
index 0000000..d61a361
--- /dev/null
+++ b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64 b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
new file mode 120000
index 0000000..fe28aef
--- /dev/null
+++ b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64 b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
new file mode 120000
index 0000000..494ac1e
--- /dev/null
+++ b/terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/modules/github-runner b/terraform_data_dirs/sct-engineering/modules/github-runner
new file mode 160000
index 0000000..88edaff
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/modules/github-runner
@@ -0,0 +1 @@
+Subproject commit 88edaff4267e5d8e43f42e22124154613e79477b
diff --git a/terraform_data_dirs/sct-engineering/modules/modules.json b/terraform_data_dirs/sct-engineering/modules/modules.json
new file mode 100644
index 0000000..31f0156
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/modules/modules.json
@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"github-runner","Source":"registry.terraform.io/HappyPathway/github-runner/ecs","Version":"0.0.92","Dir":"/data/terraform/workspaces/arnol377/git/ghe-runner/terraform_data_dirs/sct-engineering/modules/github-runner"}]}
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64 b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
new file mode 120000
index 0000000..40fb43e
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64 b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
new file mode 120000
index 0000000..33544c3
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64 b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
new file mode 120000
index 0000000..d61a361
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64 b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64
new file mode 120000
index 0000000..9e2ab54
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64 b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
new file mode 120000
index 0000000..fe28aef
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64
\ No newline at end of file
diff --git a/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64 b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
new file mode 120000
index 0000000..494ac1e
--- /dev/null
+++ b/terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64
\ No newline at end of file
diff --git a/varfiles/csvd.json b/varfiles/csvd.json
new file mode 100644
index 0000000..724356b
--- /dev/null
+++ b/varfiles/csvd.json
@@ -0,0 +1,4 @@
+{
+ "GITHUB_OWNER": "CSVD",
+ "TF_WORKSPACE_COLOR": 32
+}
\ No newline at end of file
diff --git a/varfiles/csvd.tfvars b/varfiles/csvd.tfvars
index dcb5f98..b163f83 100644
--- a/varfiles/csvd.tfvars
+++ b/varfiles/csvd.tfvars
@@ -15,4 +15,6 @@ certs = {
 # ]
 # security_groups = [
 # "sg-03cbf2a626ed55c7e"
-# ]
\ No newline at end of file
+# ]
+image_name = "github-runner"
+image_version = "1.68.0"
\ No newline at end of file
diff --git a/varfiles/sct-engineering.json b/varfiles/sct-engineering.json
new file mode 100644
index 0000000..4a49fc2
--- /dev/null
+++ b/varfiles/sct-engineering.json
@@ -0,0 +1,5 @@
+{
+ "GITHUB_OWNER": "SCT-Engineering",
+ "TF_WORKSPACE_COLOR": 96
+
+}
\ No newline at end of file
diff --git a/varfiles/sct-engineering.tfvars b/varfiles/sct-engineering.tfvars
index 7615b44..841fa9e 100644
--- a/varfiles/sct-engineering.tfvars
+++ b/varfiles/sct-engineering.tfvars
@@ -1,3 +1,6 @@
 namespace = "sct-eng-ghe-runner"
 repo_org = "SCT-Engineering"
 desired_count = 1
+create_ecs_cluster = false
+image_name = "github-runner"
+image_version = "1.68.0"
\ No newline at end of file