From b77ca14d0e3d72770f443d61d3624f328d8bdcf4 Mon Sep 17 00:00:00 2001
From: Simon Walker
Date: Mon, 2 Dec 2024 21:43:18 +0000
Subject: [PATCH 1/4] Migrate state to S3
---
 main.tf | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/main.tf b/main.tf
index c4e4ffc..84ab0de 100644
--- a/main.tf
+++ b/main.tf
@@ -11,12 +11,9 @@ terraform {
 }
 }
- cloud {
- organization = "enwikipedia-acc"
-
- workspaces {
- name = "application"
- }
+ backend "s3" {
+ key = "workload/application.tfstate"
+ region = "us-east-1"
 }
 required_version = "~> 1.5.0"
From 06d0a84a855b7a95d477eb46faaaf91f9bbe44a8 Mon Sep 17 00:00:00 2001
From: Simon Walker
Date: Mon, 2 Dec 2024 21:45:12 +0000
Subject: [PATCH 2/4] Migrate to OpenTofu 1.6.2
---
 .terraform.lock.hcl | 36 ++++++++++++++++++------------------
 main.tf | 2 +-
 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 9148874..927621a 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
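Review bot: The new `backend "s3"` block sets only `key` and `region`, so nothing on the configuration side asks for server-side encryption of the state object; `bucket` and `dynamodb_table` are supplied later via `-backend-config` in the CI workflows of patch 4, which is fine, but `encrypt` is not among them and the backend defaults it to off. S3 has applied SSE-S3 to new objects by default since 2023, so the object is probably encrypted at rest anyway, but `encrypt = true` next to `key` makes every write carry the header explicitly and lets the bucket policy deny unencrypted puts. State for this workload will hold every attribute of the resources the application modules manage, possibly including values they generate, so that policy plus a public-access block on the bucket is worth confirming before the migration runs.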
@@ -1,25 +1,25 @@ -# This file is maintained automatically by "terraform init". +# This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/terraform-provider-openstack/openstack" { - version = "1.52.1" +provider "registry.opentofu.org/terraform-provider-openstack/openstack" { + version = "1.54.1" constraints = "~> 1.48, ~> 1.49" hashes = [ - "h1:tzawotEtjBcVWnzA+wAqcbkxW7XnJCfXqod4SBts9vI=", - "zh:037f7ab5a0942daee00d23402e7ccab472380864e13013284910fa7841a6e37c", - "zh:52ac973e6c5cd584c5086494218e9b49d93217f5fbc34fc76fa8a9ddd635447a", - "zh:5acad7b8c7a493fd0b659271743e2853859a4b2669df26f21aecf1b2f60fa706", - "zh:5d9218a7f10849f2227fc11df19f78b3b11cccade6b674c314e804f0e98d4368", - "zh:91ea6bf80ff706e734300041cf22e946c049abf8dcf1bed899f93f20f7779121", - "zh:961d67ebf1116bd539b726ef483f7d67c95351efd09e55fbeb30cd2ca7946a12", - "zh:9d3d8ee11cda45804e9b759064fbc9f47d6f54203bd17654236f2f601424b460", - "zh:a0af7e5bad6114a7a0ac88cee63e2c14558572e293bebcf651ed8d8d9c20dfda", - "zh:a1fd5609f61a43c9c2a403e024042afc3a45fde39935a388009d05105e2d39d3", - "zh:bd84aae9f2ac6eb978837ea5994bb24be221e2e4d69a3e8842eef3fcf62594f0", - "zh:be690e77aa497ab8bb8ed59f7e03018e96805e2e13df334086a8c5ac4290db09", - "zh:c4ee17773e7295b0598e36148ac49b2c61caa6da3f7b02e439aa61ca6486da07", - "zh:c871d03abf9c916584dd8fc6b63ed85bbe41208eba684b2175ac741003bf9d25", - "zh:f1e5c4a5740ad75b9b37376db4ea0e3067b0c2b6871521bbc6a1625bef137abf", + "h1:JC0mScAPBs1MlHeEIPMZTQGhTA5aIG3iEuKMSPpR31E=", + "zh:45ba84df17f94b15af7aab7007241e035dde8a5b46aeb761259d937058a80f71", + "zh:493b1deb7be9b600e5b1f5da2a9dfd3bce5df0c6d38090614dbe4ed05ade8441", + "zh:53551401fba8c1d5b27a08ee307552b84b1d0c1218f3717a4b766ec701b3e016", + "zh:53629bebb48ce5220f7601d776c2ac1485b6c860cb695f150fb716f5be8aa86d", + "zh:5a20f32cca767bef70b79bc8ecbd10fec3dc8696183e2d29631aa510947cb70d", + "zh:653693f630777e4aa3f410976a5169cf0f2a301516a820b3860de116054ae30a", + 
"zh:70f2d7bd5f5940f4fc3f023a01468890fbd9d704d0256bc65f7c64fb2cbcd4e4", + "zh:9cc22af51e5124dd5c2e0f1adefb1b08dcff3138aba9c92961cef36b1641d7aa", + "zh:9df45e893f215266159733dbc120809bc3d313188e121532dc6e2d10165e9899", + "zh:cb3e240992069cd6160f5b5cbbd50b70948f25bb337a75e780a0648461505d3f", + "zh:cb8343c0cf1bf5ca4d060826a8b68e3e5935b4a65974c76ac9c071c5a510e67e", + "zh:cc2060f93c66276dff6366b48e3a0e619874e3d939e0d2a39fc6ce10ca91232d", + "zh:d495b3051977018696113eded89c2cddfae0570f2adbdf7e9097c189ba41903e", + "zh:dfad1be943769780d5e948c06db957ce45f98b057a774964da0b82130c22f139", ] } diff --git a/main.tf b/main.tf index 84ab0de..51646af 100644 --- a/main.tf +++ b/main.tf @@ -16,7 +16,7 @@ terraform { region = "us-east-1" } - required_version = "~> 1.5.0" + required_version = "= 1.6.2" } provider "openstack" { From ecd838dda9b88552960156a4ac68dc13187f59b5 Mon Sep 17 00:00:00 2001 From: Simon Walker Date: Mon, 2 Dec 2024 21:46:13 +0000 Subject: [PATCH 3/4] Upgrade to OpenTofu 1.8 --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 51646af..bb2d022 100644 --- a/main.tf +++ b/main.tf @@ -16,7 +16,7 @@ terraform { region = "us-east-1" } - required_version = "= 1.6.2" + required_version = "~> 1.8.0" } provider "openstack" { From 4373d301802908501d64035df0f1e9a28c08fe85 Mon Sep 17 00:00:00 2001 From: Simon Walker Date: Mon, 2 Dec 2024 21:51:04 +0000 Subject: [PATCH 4/4] Add CICD to run OpenTofu --- .github/workflows/deploy.yml | 60 ++++++++++++++++++++++++++++ .github/workflows/pr.yml | 76 ++++++++++++++++++++++++++++++++++++ app.tf | 7 ++-- 3 files changed, 139 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/deploy.yml create mode 100644 .github/workflows/pr.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..cd96392 --- /dev/null +++ b/.github/workflows/deploy.yml 
@@ -0,0 +1,60 @@
+name: Deploy to Production
+
+on:
+ push:
+ branches:
+ - master
+ workflow_dispatch:
+
+permissions:
+ contents: read
+ id-token: write # required for AWS OIDC
+
+jobs:
+ apply:
+ environment: Production
+ timeout-minutes: 60
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Git Repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+ with:
+ tofu_version: 1.8.6
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-east-1
+ role-to-assume: ${{ secrets.BACKEND_ROLE }}
+
+ - name: OpenTofu init
+ run: |
+ tofu init \
+ -backend-config="bucket=${{ secrets.BACKEND_BUCKET }}" \
+ -backend-config="dynamodb_table=${{ secrets.BACKEND_DDB_TABLE }}"
+
+ - name: OpenTofu validate
+ run: tofu validate
+
+ - name: OpenTofu plan
+ env:
+ OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ # Legacy, pending new provider version
+ TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ run: tofu plan -out tfplan
+
+ - name: OpenTofu apply
+ env:
+ OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ # Legacy, pending new provider version
+ TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ run: tofu apply tfplan
\ No newline at end of file
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..85d1d0e
--- /dev/null
+++ b/.github/workflows/pr.yml
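Review bot: Every action in the `apply` job is referenced by a floating tag (`actions/checkout@v4`, `opentofu/setup-opentofu@v1`, `aws-actions/configure-aws-credentials@v4`), and this job holds the production OpenStack application credential plus an assumable AWS role, so a retagged or compromised action release gets both. Pin each `uses:` to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, and let Dependabot move the pins. Two smaller points: `fetch-depth: 0` clones the whole history for no visible reason, since OpenTofu only needs the working tree, and there is no `concurrency:` group, so two quick pushes to `master` start two applies and rely solely on the DynamoDB lock to serialise them; `concurrency: { group: production-apply, cancel-in-progress: false }` at workflow level is cheaper than a failed run.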
@@ -0,0 +1,76 @@
+name: Run plan for PR
+
+on:
+ pull_request:
+ branches:
+ - master
+
+permissions:
+ contents: read
+ id-token: write # required for AWS OIDC
+ pull-requests: write # required for writing the PR comment
+
+jobs:
+ plan:
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ - name: Checkout Git Repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+ with:
+ tofu_version: 1.8.6
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-east-1
+ role-to-assume: ${{ secrets.BACKEND_ROLE }}
+
+ - name: OpenTofu init
+ run: |
+ tofu init \
+ -backend-config="bucket=${{ secrets.BACKEND_BUCKET }}" \
+ -backend-config="dynamodb_table=${{ secrets.BACKEND_DDB_TABLE }}"
+
+ - name: OpenTofu validate
+ run: tofu validate
+
+ - name: OpenTofu plan
+ env:
+ OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ # Legacy, pending new provider version
+ TF_VAR_application_credential_id: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ TF_VAR_application_credential_secret: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ run: tofu plan -out tfplan
+
+ - name: Get plan output for PR comment
+ id: plan
+ run: tofu show -no-color tfplan
+
+ - name: Update Pull Request
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `
Show OpenTofu Plan + + \`\`\`\n + ${{ steps.plan.outputs.stdout }} + \`\`\` + +
+ + *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) \ No newline at end of file diff --git a/app.tf b/app.tf index ce1bd5f..ec8772d 100644 --- a/app.tf +++ b/app.tf @@ -4,8 +4,7 @@ locals { } module "bluegreen" { - source = "app.terraform.io/enwikipedia-acc/bluegreen/openstack" - version = "0.2.0" + source = "github.com/enwikipedia-acc/terraform-openstack-bluegreen?ref=0.2.0" blue_dns_name = "${local.blue_resource_prefix}.${data.openstack_dns_zone_v2.rootzone.name}" green_dns_name = "${local.green_resource_prefix}.${data.openstack_dns_zone_v2.rootzone.name}" @@ -15,7 +14,7 @@ module "bluegreen" { module "application-blue" { source = "github.com/enwikipedia-acc/terraform-openstack-waca-application" - # version = "0.0.0" + count = module.bluegreen.blue_count dns_name = module.bluegreen.blue_dns_name @@ -34,7 +33,7 @@ module "application-blue" { module "application-green" { source = "github.com/enwikipedia-acc/terraform-openstack-waca-application" - # version = "0.0.0" + count = module.bluegreen.green_count dns_name = module.bluegreen.green_dns_name
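Review bot: The `plan` job runs `tofu plan` with the production OpenStack application credential and the backend AWS role on every `pull_request`, with no `environment:` gate, unlike the `apply` job in `deploy.yml`. A plan executes provider plugins and evaluates data sources from the PR branch before anyone has reviewed it, so a collaborator who can open a PR in this repository can have the plan read those environment variables out; fork PRs do not receive repository secrets, so the exposure is to committers, but that still turns every committer into a production operator without review. Either give this job its own environment whose secrets are a read-only OpenStack credential, or put it behind a protected environment with required reviewers. Separately, `${{ steps.plan.outputs.stdout }}` is substituted straight into the JavaScript template literal in `script:`, so plan text containing a backtick or `${` terminates or hijacks the script; pass it on the step as `env: PLAN: ${{ steps.plan.outputs.stdout }}` and use `${process.env.PLAN}` inside the literal instead.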
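Review bot: `module "bluegreen"` now resolves to `github.com/enwikipedia-acc/terraform-openstack-bluegreen?ref=0.2.0`, and a git `ref` of `0.2.0` is a tag that anyone with push rights to that repository can move, whereas the registry `version = "0.2.0"` it replaces was resolved through the registry's version index. Since the new `deploy.yml` runs `tofu init` fresh on every push to `master`, the module body is fetched from GitHub at apply time with production credentials in the environment, so a moved tag is executed unreviewed. Pin to the commit instead, `?ref=<full-commit-sha>` with the tag noted in a comment, or at least protect the tag on the source repository.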
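Review bot: `module "application-blue"` (and `application-green` in the following hunk) keeps `source = "github.com/enwikipedia-acc/terraform-openstack-waca-application"` with no `?ref=`, and this commit deletes the `# version = "0.0.0"` placeholder rather than replacing it, so the module is fetched from that repository's default-branch head on every `tofu init`. The provider lockfile does not cover module sources, so the plan posted on a PR and the apply run on `master` can execute different module code. Add `?ref=<tag-or-commit>` to both sources, matching how `bluegreen` is pinned in the first hunk.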