From 363afd17c9f5426db74296a65744ff3968e15762 Mon Sep 17 00:00:00 2001
From: arnol377
Date: Mon, 23 Sep 2024 13:21:25 -0400
Subject: [PATCH] updating stuff, hoping that Im not checking in garbage

---
 external_actions.tf | 80 ----------------------------------------
 iam.tf | 6 ++++
 main.tf | 88 +++++++++++++++++++++++++++------------------
 terraform.tfstate | 0
 4 files changed, 59 insertions(+), 115 deletions(-)
 delete mode 100644 external_actions.tf
 create mode 100644 iam.tf
 delete mode 100644 terraform.tfstate

diff --git a/external_actions.tf b/external_actions.tf
deleted file mode 100644
index 1009f14..0000000
--- a/external_actions.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-
-terraform {
- required_providers {
- github = {
- source = "integrations/github"
- version = "6.2.2"
- }
- }
-}
-
-module "gh_token" {
- for_each = toset([
- "GITHUB_ENTERPRISE_TOKEN",
- "GITHUB_PUBLIC_TOKEN"
- ])
- source = "HappyPathway/var/env"
- env_var = each.value
-}
-
-module "github_script" {
- source = "HappyPathway/gh-actions/importer"
- github_repo_topics = []
- vulnerability_alerts = false
- public_repo = {
- default_branch = "main"
- clone_url = "https://github.com/actions/github-script"
- }
- internal_repo = {
- name = "gh-actions-github-script"
- org = "CSVD"
- topics = ["github-actions"]
- }
-}
-
-module "github_checkout" {
- source = "HappyPathway/gh-actions/importer"
- github_repo_topics = []
- vulnerability_alerts = false
- public_repo = {
- default_branch = "main"
- clone_url = "https://github.com/actions/checkout"
- }
- internal_repo = {
- name = "gh-actions-checkout"
- org = "CSVD"
- topics = ["github-actions"]
- }
-}
-
-module "setup_python" {
- source = "HappyPathway/gh-actions/importer"
- github_repo_topics = []
- vulnerability_alerts = false
- public_repo = {
- default_branch = "main"
- clone_url = "https://github.com/actions/setup-python"
- }
- internal_repo = {
- name = "gh-actions-setup-python"
- org = "CSVD"
- topics = ["github-actions"]
- }
-}
-
-module "netbackup_automation_platform" {
- source = "HappyPathway/gh-actions/importer"
- github_repo_topics = []
- vulnerability_alerts = false
- public_repo = {
- default_branch = "main"
- clone_url = "https://github.com/VeritasOS/netbackup-automation-platform.git"
- }
- internal_repo = {
- name = "netbackup-automation-platform"
- org = "CSVD"
- topics = ["github-actions"]
- }
-}
-
diff --git a/iam.tf b/iam.tf
new file mode 100644
index 0000000..c9cc76a
--- /dev/null
+++ b/iam.tf
@@ -0,0 +1,6 @@
+resource "aws_iam_policy" "policy" {
+ name = "${var.repo_org}-state-access"
+ path = "/"
+ description = "Enables Github Actions access to State Config"
+ policy = file("${path.module}/iam_policy/session_configuration.json")
+}
diff --git a/main.tf b/main.tf
index b4514ae..cb08e5e 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,10 @@
 locals {
+ proxy_vars = {
+ HTTP_PROXY = "http://proxy.tco.census.gov:3128"
+ NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev"
+ HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
+ }
 pipeline_repos = [
 "aws-image-pipeline",
 "linux-image-pipeline",
@@ -39,7 +44,7 @@ resource "aws_cloudwatch_log_group" "function_log_group" {
 resource "aws_vpc_endpoint" "ecr" {
 for_each = var.create_vpc_endpoint ? toset([
 "com.amazonaws.${data.aws_region.current.name}.ecr.api",
- "com.amazonaws.${data.aws_region.current.name}.ecr.dkr"
+ "com.amazonaws.${data.aws_region.current.name}.ecr.dkr",
 ]) : toset([])
 vpc_id = var.vpc_id
 service_name = each.value
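Review bot: `policy = file("${path.module}/iam_policy/session_configuration.json")` keeps the permissions this policy grants out of the review — the JSON document is not part of this commit, yet the policy's ARN is what the runners are handed via `github_runner_permissions_arn` in main.tf, so its scope is the effective blast radius of every job that lands on them. Consider expressing it inline as a `data "aws_iam_policy_document"` so the allowed actions and resource ARNs are reviewable and checked at plan time; if the file must stay, `policy = jsonencode(jsondecode(file(...)))` at least rejects malformed JSON during plan rather than apply. The `description` says "State Config" while the file is named `session_configuration.json`; pick one name so readers know what the document is for.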
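Review bot: the `NO_PROXY` value in `proxy_vars` relies on glob-style entries such as `148.129.*` and `10.*`; NO_PROXY has no standard syntax, and common HTTP clients (Go's net/http, curl) match only exact hosts, domain suffixes and CIDR ranges, so they will silently ignore these entries and send that traffic through the proxy. Worth confirming against the tooling baked into the runner image, and where CIDR is supported prefer `10.0.0.0/8`, `172.18.0.0/16` and so on. The proxy host and bypass list are deployment-specific values hard-coded in `locals`; exposing them as variables (with these as defaults) would keep the module reusable across environments.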
@@ -70,19 +75,29 @@ locals {
 }
 module "github-runner" {
- for_each = toset([for repo in local.all_repos : repo])
- source = "HappyPathway/github-runner/ecs"
- ecs_cluster = data.aws_ecs_cluster.github-runner.cluster_name
- hostname = each.value
- image = "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/github-runners/${var.image_name}:${var.image_version}"
- repo_org = var.repo_org
- repo_name = each.value
- namespace = "${terraform.workspace}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
- log_group = aws_cloudwatch_log_group.function_log_group.name
- runner_group = { create = false }
- server_url = var.server_url
+ # for_each = toset([for repo in local.all_repos : repo])
+ source = "HappyPathway/github-runner/ecs"
+ ecs_cluster = data.aws_ecs_cluster.github-runner.cluster_name
+ hostname = "CSVD"
+ image = "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/github-runners/${var.image_name}:${var.image_version}"
+ repo_org = var.repo_org
+ # repo_name = each.value
+ namespace = "csvd-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
+ log_group = aws_cloudwatch_log_group.function_log_group.name
+ runner_group = {
+ create = true
+ name = data.aws_caller_identity.current.account_id
+ allows_public_repositories = true
+ restricted_to_workflows = false
+ visibility = "all"
+ }
+
+ extra_environment_vars = local.proxy_vars
+ github_runner_permissions_arn = aws_iam_policy.policy.arn
+
+ server_url = var.server_url
 runner_labels = [
- each.value,
+ "csvd",
 "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}",
 data.aws_caller_identity.current.account_id,
 data.aws_region.current.name,
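Review bot: the new `runner_group` block sets `allows_public_repositories = true`, `visibility = "all"` and `restricted_to_workflows = false`, so any workflow from any repository in the org — including public ones, where pull requests from forks can run arbitrary job steps — may be scheduled onto a runner that now carries `github_runner_permissions_arn = aws_iam_policy.policy.arn` and the proxy configuration; GitHub's own guidance is not to use self-hosted runners for public repositories. Unless that exposure is intended, set `allows_public_repositories = false`, narrow `visibility` (GitHub supports `selected`) to the repositories that need these runners, and consider `restricted_to_workflows = true` with an allow-list (the module input for that list is not visible in this hunk). The commented-out `# for_each` and `# repo_name` lines should be removed rather than kept as comments, and `hostname = "CSVD"` / `namespace = "csvd-…"` hard-code the org name that `repo_org = var.repo_org` already parameterises. The module block starts in this hunk and continues past it.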
@@ -90,30 +105,33 @@ module "github-runner" {
 ]
 certs = var.certs
 network_configuration = {
- subnets = var.subnets
- security_groups = var.security_groups
+ subnets = var.subnets
+ security_groups = var.security_groups
 assign_public_ip = var.assign_public_ip
 }
 tag = "github-runner"
-}
-
-module "env_var" {
- source = "HappyPathway/var/env"
- for_each = toset(local.secrets)
- env_var = each.value
-}
-
-module "repo_secrets" {
- source = "HappyPathway/vars/repo"
- for_each = toset(local.all_repos)
- repo = {
- name = each.value
- }
- secrets = [
- for secret in local.secrets :
- {
- name = replace(secret, "GITHUB", "GH")
- value = lookup(module.env_var, secret).value
- }
+ depends_on = [
+ aws_iam_policy.policy
 ]
 }
+
+#module "env_var" {
+# source = "HappyPathway/var/env"
+# for_each = toset(local.secrets)
+# env_var = each.value
+#}
+#
+#module "repo_secrets" {
+# source = "HappyPathway/vars/repo"
+# for_each = toset(local.all_repos)
+# repo = {
+# name = each.value
+# }
+# secrets = [
+# for secret in local.secrets :
+# {
+# name = replace(secret, "GITHUB", "GH")
+# value = lookup(module.env_var, secret).value
+# }
+# ]
+#}
diff --git a/terraform.tfstate b/terraform.tfstate
deleted file mode 100644
index e69de29..0000000
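Review bot: the added `depends_on = [aws_iam_policy.policy]` is redundant — `github_runner_permissions_arn = aws_iam_policy.policy.arn` already gives Terraform the dependency — and an explicit `depends_on` on a module makes all of its outputs unknown whenever the policy has a pending change, producing noisier plans; drop it. The `env_var` and `repo_secrets` modules are removed from the configuration but kept as a `#`-commented copy; git history already preserves them, so delete the block outright. Note also that removing `module.repo_secrets` will plan the destruction of the repository secrets it managed, so confirm on the plan that this is intended before applying.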