From d09b2c3ccd37ef39912b133ce77e4b9b33a0019e Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 28 Feb 2025 12:54:04 -0500
Subject: [PATCH 1/6] action
---
.github/workflows/terragrunt-cicd.yml | 101 ++++++++++++++++++++++++++
1 file changed, 101 insertions(+)
create mode 100644 .github/workflows/terragrunt-cicd.yml
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
new file mode 100644
index 0000000..a78523e
--- /dev/null
+++ b/.github/workflows/terragrunt-cicd.yml
@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate:
+ name: 'Validate Module'
+ runs-on: self-hosted
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.5.0
+
+ - name: Terraform Init
+ run: |
+ terraform init -backend=false
+
+ - name: Terraform Format
+ run: |
+ terraform fmt -check
+
+ - name: Terraform Validate
+ run: |
+ terraform validate
+
+ - name: Run tflint
+ uses: terraform-linters/setup-tflint@v3
+ if: github.event_name == 'pull_request'
+
+ - name: Lint Terraform
+ if: github.event_name == 'pull_request'
+ run: |
+ tflint --format compact
+
+ release:
+ name: 'Create Release'
+ needs: validate
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ runs-on: self-hosted
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install Commitizen
+ run: |
+ pip install commitizen
+
+ - name: Configure Git
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+
+ - name: Bump Version and Generate Changelog
+ id: cz
+ run: |
+ cz bump --yes
+ echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+ echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: v${{ steps.cz.outputs.new_version }}
+ release_name: Release v${{ steps.cz.outputs.new_version }}
+ draft: false
+ prerelease: false
+ body: ${{ steps.cz.outputs.changelog }}
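Review bot: In the `Bump Version and Generate Changelog` step, `echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT` writes a multi-line value with the single-line `name=value` form, so only the first line can reach `steps.cz.outputs.changelog` and the remaining lines, which come from commit messages, are either rejected as an invalid format or parsed as further output entries. The delimiter form with a per-run random delimiter and a quoted `"$GITHUB_OUTPUT"` avoids both outcomes, as sketched below. Separately, both jobs use `runs-on: self-hosted` while the workflow triggers on `pull_request`, so if forks can open pull requests here their code would run on that runner. The actions are also referenced by movable tags (`@v3`, `@v2`, `@v1`) rather than commit SHAs.

```yaml
      - name: Bump Version and Generate Changelog
        id: cz
        run: |
          # … unchanged: cz bump, new_version output …
          delim="cz_$(openssl rand -hex 16)"
          {
            echo "changelog<<${delim}"
            cz changelog --dry-run
            echo "${delim}"
          } >> "$GITHUB_OUTPUT"
```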
From 74054e81023b1bbf441d3ef5973db62f5dc3f8a0 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 28 Feb 2025 18:19:17 -0500 Subject: [PATCH 2/6] autoscaling --- .tflint.hcl | 26 +++++++++++++------------- README.md | 4 +--- main.tf | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 16 deletions(-) diff --git a/.tflint.hcl b/.tflint.hcl index f63db7d..6a77997 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -5,18 +5,18 @@ config { } -rule "aws_instance_invalid_type" { - enabled = true -} +# rule "aws_instance_invalid_type" { +# enabled = true +# } -plugin "aws" { - enabled = true - version = "0.32.0" - source = "github.com/terraform-linters/tflint-ruleset-aws" -} +# plugin "aws" { +# enabled = true +# version = "0.32.0" +# source = "github.com/terraform-linters/tflint-ruleset-aws" +# } -plugin "terraform" { - enabled = true - version = "0.9.0" - source = "github.com/terraform-linters/tflint-ruleset-terraform" -} +# plugin "terraform" { +# enabled = true +# version = "0.9.0" +# source = "github.com/terraform-linters/tflint-ruleset-terraform" +# } diff --git a/README.md b/README.md index 3e07f85..68e37b8 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,7 @@ sys 0m3.489s | Name | Version | |------|---------| -| [helm](#provider\_helm) | 2.16.1 | -| [kubernetes](#provider\_kubernetes) | 2.33.0 | +| [helm](#provider\_helm) | 2.17.0 | ## Modules @@ -83,7 +82,6 @@ sys 0m3.489s | Name | Type | |------|------| | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | ## Inputs diff --git a/main.tf b/main.tf index c1c7b09..2f8d045 100644 --- a/main.tf +++ b/main.tf 
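Review bot: The `rule "aws_instance_invalid_type"` block and both `plugin` blocks in `.tflint.hcl` are commented out rather than removed, and nothing in the commit says why, so the `tflint --format compact` step added earlier in this series now appears to run without the AWS ruleset and would pass on findings it used to report. If the rulesets are being dropped on purpose, delete the blocks and leave one line of reason, for example `# AWS ruleset disabled: <reason>`. If this was a workaround for plugin installation on the runner, a `tflint --init` step in CI is likely the better fix. The `config` block above these lines starts outside the hunk.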
@@ -113,4 +113,51 @@ resource "helm_release" "prometheus" { name = "prometheus-pushgateway.image.tag" value = module.images.images[local.pushgateway_key].tag } + + set { + name = "server.resources.requests.cpu" + value = "300m" + } + + set { + name = "server.resources.requests.memory" + value = "512Mi" + } + + set { + name = "server.resources.limits.cpu" + value = "1000m" + } + + set { + name = "server.resources.limits.memory" + value = "2Gi" + } + + # Autoscaling for Prometheus server + set { + name = "server.autoscaling.enabled" + value = "true" + } + + set { + name = "server.autoscaling.minReplicas" + value = "1" + } + + set { + name = "server.autoscaling.maxReplicas" + value = "3" + } + + set { + name = "server.autoscaling.targetCPUUtilizationPercentage" + value = "80" + } + + set { + name = "server.autoscaling.targetMemoryUtilizationPercentage" + value = "80" + } + } From 863951b77d28df3f70256782a6d51d4321c2abe6 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 6 Mar 2025 19:56:35 -0500 Subject: [PATCH 3/6] update requests --- main.tf | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index 2f8d045..9fb4dcb 100644 --- a/main.tf +++ b/main.tf @@ -116,12 +116,12 @@ resource "helm_release" "prometheus" { set { name = "server.resources.requests.cpu" - value = "300m" + value = "1m" } set { name = "server.resources.requests.memory" - value = "512Mi" + value = "1Mi" } set { @@ -147,7 +147,7 @@ resource "helm_release" "prometheus" { set { name = "server.autoscaling.maxReplicas" - value = "3" + value = "5" } set { @@ -155,9 +155,4 @@ resource "helm_release" "prometheus" { value = "80" } - set { - name = "server.autoscaling.targetMemoryUtilizationPercentage" - value = "80" - } - } From 0838c5373d3da07d063f1f29b19a7861b75ca1b8 Mon Sep 17 00:00:00 2001 
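Review bot: The requests, limits and autoscaling bounds added to `helm_release.prometheus` are string literals in `set` blocks, so callers of this module cannot size the Prometheus server per cluster without editing `main.tf`. Module variables with these values as defaults would keep today's behaviour and make them overridable, e.g. `value = var.server_cpu_limit` (a name proposed here, not one that exists in the module). It is also worth confirming that the chart version in use actually reads `server.autoscaling.*` and that the server's storage allows more than one replica, since Helm generally accepts values a chart never consumes. The resource block starts outside the hunk.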
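Review bot: Setting `server.resources.requests.cpu` to `1m` and memory to `1Mi` while `server.autoscaling.targetCPUUtilizationPercentage` stays at `80` looks unintended: a HorizontalPodAutoscaler measures CPU utilisation as a percentage of the request, so with a 1m request almost any load exceeds the target and the server would be expected to sit at `maxReplicas`, which this commit raises to `5`. Near-zero requests also tell the scheduler the pod needs almost nothing, so it can be placed on a node that cannot honour the `2Gi` memory limit. If the low values are a deliberate workaround, a comment above the `set` blocks should say so, e.g. `# requests kept minimal because <reason>`; otherwise requests closer to observed usage are safer. The resource block starts outside the hunk.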
From: "Matthew C. Morgan" Date: Fri, 21 Mar 2025 20:40:39 -0400 Subject: [PATCH 4/6] update resources --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 9fb4dcb..cf9754e 100644 --- a/main.tf +++ b/main.tf @@ -116,12 +116,12 @@ resource "helm_release" "prometheus" { set { name = "server.resources.requests.cpu" - value = "1m" + value = "100m" } set { name = "server.resources.requests.memory" - value = "1Mi" + value = "128Mi" } set { From 97e0fbd7c5715d96c766eed78b4182414fc7f5c1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 11:53:04 -0400 Subject: [PATCH 5/6] add module release process --- .github/workflows/terraform-release.yaml | 73 ++++++++++++++++ .github/workflows/terraform-validate.yaml | 42 +++++++++ .github/workflows/terragrunt-cicd.yml | 101 ---------------------- 3 files changed, 115 insertions(+), 101 deletions(-) create mode 100644 .github/workflows/terraform-release.yaml create mode 100644 .github/workflows/terraform-validate.yaml delete mode 100644 .github/workflows/terragrunt-cicd.yml diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml new file mode 100644 index 0000000..90910bc --- /dev/null +++ b/.github/workflows/terraform-release.yaml 
@@ -0,0 +1,73 @@
+name: Terraform CI/CD
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [closed]
+ branches:
+ - main
+jobs:
+ terraform-ci-cd:
+ runs-on: 229685449397
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v3
+ with:
+ terraform_version: "1.9.1"
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_app_id: ${{ vars.GH_APP_ID }}
+
+
+ - name: Debug Authentication
+ run: |
+ # Print the GitHub server URL
+ echo "GitHub Server URL: ${{ github.server_url }}"
+
+ # Extract the host from the URL
+ HOST="${{ github.server_url }}"
+ HOST="${HOST#*//}"
+ HOST="${HOST%%/*}"
+ echo "GitHub Host: $HOST"
+
+ # Check if token exists
+ if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then
+ echo "Token generated successfully"
+ # Test the token with a simple GitHub API call (without exposing the token)
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user")
+ echo "API Test Status Code: $STATUS"
+ else
+ echo "No token was generated!"
+ fi
+
+ - name: Setup GitHub CLI
+ run: |
+ # Force manual authentication since setup-git might not work with GitHub Enterprise
+ echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+ gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+ rm /tmp/token.txt
+
+ # Test GitHub CLI auth status
+ gh auth status || echo "GitHub CLI authentication failed"
+
+ - name: AWS Auth
+ id: aws_auth
+ uses: CSVD/aws-auth@main
+ with:
+ ecs: true
+
+ - name: Run Terraform Module Release Action
+ uses: CSVD/terraform-module-release@main
+ with:
+ github-token: ${{ steps.github_credentials.outputs.github_token }}
+ working-directory: '.'
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..72829d8
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,42 @@
+name: Terraform Validate
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+
+ terraform-validate:
+ runs-on: "229685449397"
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: '1.7.3'
+
+ - name: Validate Terraform Configuration
+ id: validate
+ uses: CSVD/terraform-validate@main
+
+ - name: Check Validation/Test Results
+ if: always()
+ run: |
+ # Set default values if outputs are empty
+ IS_VALID="${{ steps.validate.outputs.is_valid }}"
+ TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+
+ # If outputs are empty, set them to false
+ [ -z "$IS_VALID" ] && IS_VALID="false"
+ [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+
+ if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
+ echo "Validation or test errors found:"
+ echo "${{ steps.validate.outputs.stderr }}"
+ exit 1
+ else
+ echo "All validations and tests passed successfully!"
+ fi
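Review bot: The `Setup GitHub CLI` step writes the app token to `/tmp/token.txt` and, with the default `bash -e` shell, removes it only if `gh auth login` succeeds, so a failed login can leave the credential on the runner's disk; the token is also substituted into the script text through `${{ … }}` here and in `Debug Authentication`. Passing it through `env:` and piping it to `gh auth login --with-token` keeps it off disk and out of the rendered script, as sketched below, and the debug step is better removed once the workflow works. The `pull_request` trigger with `types: [closed]` also fires for pull requests closed without merging, so the job probably needs `if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true`. `CSVD/gh-auth@main`, `CSVD/aws-auth@main` and `CSVD/terraform-module-release@main` follow a moving branch while the job holds `contents: write` and the app key; a tag or commit SHA would make the release path reproducible.

```yaml
      - name: Setup GitHub CLI
        env:
          GH_APP_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
        run: |
          # token is passed on stdin only; nothing is written to disk
          printf '%s' "$GH_APP_TOKEN" | gh auth login --with-token --hostname "github.e.it.census.gov"
          gh auth status
```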
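Review bot: The `terraform-validate` job only reads the repository in the steps visible here, yet it requests `permissions: contents: write` on every `pull_request` run; `contents: read` should be enough. In `Check Validation/Test Results`, `echo "${{ steps.validate.outputs.stderr }}"` substitutes the validator's stderr into the script before the shell parses it, and that text can quote content from the pull request's Terraform files, so it should go through the environment instead: add `env: VALIDATE_STDERR: ${{ steps.validate.outputs.stderr }}` to the step and print it with `printf '%s\n' "$VALIDATE_STDERR"`. `CSVD/terraform-validate@main` tracks a branch; pinning it to a tag or SHA keeps the check stable.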
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
deleted file mode 100644
index a78523e..0000000
--- a/.github/workflows/terragrunt-cicd.yml
+++ /dev/null
@@ -1,101 +0,0 @@ -name: 'Terraform Module CI' - -on: - push: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - pull_request: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - -permissions: - contents: read - pull-requests: write - -jobs: - validate: - name: 'Validate Module' - runs-on: self-hosted - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.5.0 - - - name: Terraform Init - run: | - terraform init -backend=false - - - name: Terraform Format - run: | - terraform fmt -check - - - name: Terraform Validate - run: | - terraform validate - - - name: Run tflint - uses: terraform-linters/setup-tflint@v3 - if: github.event_name == 'pull_request' - - - name: Lint Terraform - if: github.event_name == 'pull_request' - run: | - tflint --format compact - - release: - name: 'Create Release' - needs: validate - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - runs-on: self-hosted - permissions: - contents: write - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.9' - - - name: Install Commitizen - run: | - pip install commitizen - - - name: Configure Git - run: | - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - - - name: Bump Version and Generate Changelog - id: cz - run: | - cz bump --yes - echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT - echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT - - - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ steps.cz.outputs.new_version }} - release_name: Release v${{ steps.cz.outputs.new_version }} - draft: false - prerelease: false - body: ${{ steps.cz.outputs.changelog }} 
From f32fda7225cf9e0ef7f1d41234293ca78bb2389d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 20:29:35 -0400 Subject: [PATCH 6/6] update module source --- .github/workflows/terragrunt-cicd.yml | 101 -------------------------- README.md | 2 +- copy_images.tf | 2 +- 3 files changed, 2 insertions(+), 103 deletions(-) delete mode 100644 .github/workflows/terragrunt-cicd.yml diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml deleted file mode 100644 index a78523e..0000000 --- a/.github/workflows/terragrunt-cicd.yml +++ /dev/null 
@@ -1,101 +0,0 @@ -name: 'Terraform Module CI' - -on: - push: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - pull_request: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - -permissions: - contents: read - pull-requests: write - -jobs: - validate: - name: 'Validate Module' - runs-on: self-hosted - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.5.0 - - - name: Terraform Init - run: | - terraform init -backend=false - - - name: Terraform Format - run: | - terraform fmt -check - - - name: Terraform Validate - run: | - terraform validate - - - name: Run tflint - uses: terraform-linters/setup-tflint@v3 - if: github.event_name == 'pull_request' - - - name: Lint Terraform - if: github.event_name == 'pull_request' - run: | - tflint --format compact - - release: - name: 'Create Release' - needs: validate - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - runs-on: self-hosted - permissions: - contents: write - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.9' - - - name: Install Commitizen - run: | - pip install commitizen - - - name: Configure Git - run: | - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - - - name: Bump Version and Generate Changelog - id: cz - run: | - cz bump --yes - echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT - echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT - - - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ steps.cz.outputs.new_version }} - release_name: Release v${{ steps.cz.outputs.new_version }} - draft: false - prerelease: false - body: ${{ steps.cz.outputs.changelog }} 
diff --git a/README.md b/README.md index 68e37b8..a7e1379 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ sys 0m3.489s | Name | Source | Version | |------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | +| [images](#module\_images) | git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | ## Resources diff --git a/copy_images.tf b/copy_images.tf index 478182b..d92393b 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -76,7 +76,7 @@ locals { } module "images" { - source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" + source = "git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" profile = var.profile application_name = var.cluster_name
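Review bot: The new `source` for `module "images"` in `copy_images.tf` still ends in `?ref=tf-upgrade`, which reads like a branch name, so each `terraform init` can pull different module code without any change in this repository. Pinning to a release tag or full commit SHA makes the dependency reviewable, e.g. `?ref=<tag-or-commit-sha>` (placeholder; no tag is visible on this page). Moving from SSH to `git::https://` also changes how runners authenticate to the module host, so it is worth confirming the credentials set up in the release workflow cover that repository. The `module` block continues past the end of the hunk.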