messagE

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+
+[*.sh]
+end_of_line = lf
+indent_style = space
+indent_size = 2
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @ofx-com/ICE

.github/workflows/ci.yml

@@ -0,0 +1,137 @@
+name: ci
+on:
+  push:
+    branches:
+    - '**'
+    tags-ignore:
+    - '*.*'  # We don't want this to run on release
+env:
+  BUILD_DIR: ./build
+  GO_VERSION: 1.12
+  AWS_REGION: 'ap-southeast-2'
+  GCP_REGION: 'australia-southeast1'
+  TEAM_NAME: 'ICE'
+  APP_NAME: 'network'
+  PROJECT: 'ofx-infrastructure'
+  AWS_ROLE: 'arn:aws:iam::368940151251:role/core-pipeline'
+
+jobs:
+  config:
+    runs-on: ubuntu-latest 
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+        registry-url: https://npm.pkg.github.com/
+        scope: '@ofx-com'
+
+    - run: npm install
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+
+    - name: Configure environment variables
+      uses: ./node_modules/@ofx-com/github-action-configuration
+
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+        registry-url: https://npm.pkg.github.com/
+        scope: '@ofx-com'
+    - run: npm install
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+    - name: Configure environment variables
+      uses: ./node_modules/@ofx-com/github-action-configuration
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: [publish]
+    env:
+      TF_ACTIONS_VERSION: 0.12.24
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+        registry-url: https://npm.pkg.github.com/
+        scope: '@ofx-com'
+    - run: npm install
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+
+    - name: Configure environment variables
+      uses: ./node_modules/@ofx-com/github-action-configuration
+
+    - name: 'Configure AWS Credentials'
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{env.AWS_REGION}}
+        role-to-assume: ${{env.AWS_ROLE}}
+        role-duration-seconds: 3600
+        export_default_credentials: true
+
+    - name: 'Configure GCP Credentials'
+      uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
+      with:
+        service_account_key: ${{ secrets.GCP_CREDENTIALS }}
+        project-id: ${{ env.PROJECT }}
+        export_default_credentials: true
+        disable_dependent_services: true
+
+    - name: 'Terraform Format'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'fmt'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Init'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'init'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Validate'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'validate'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Plan'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'plan'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: -out="./apply-plan"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Apply'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'apply'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: "./apply-plan"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-closed.yml

@@ -0,0 +1,81 @@
+name: teardown branch on pr completion
+on:
+  pull_request:
+    types:
+      - closed
+env:
+  TEAM_NAME: 'data'
+  AWS_DEVELOPMENT_ACCOUNT: '995405243001'
+  PROJECT: 'analytics'
+  APP_NAME: 'event-forwarder'
+  ENVIRONMENT: 'development'
+  BUILD_DIR: ./build
+jobs:
+  tear-down:
+    runs-on: ubuntu-latest    
+    env:
+      TF_ACTIONS_VERSION: 0.12.24
+    steps:   
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+        registry-url: https://npm.pkg.github.com/
+        scope: '@ofx-com'
+    - run: npm install
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+    - name: Configure environment variables
+      uses: ./node_modules/@ofx-com/github-action-configuration
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.DEVELOPMENT_AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.DEVELOPMENT_AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{env.AWS_REGION}}
+        role-to-assume: arn:aws:iam::${{env.AWS_DEVELOPMENT_ACCOUNT}}:role/delegation/core-pipeline
+        role-duration-seconds: 3600
+
+    - name: 'Terraform Init'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'init'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: -backend-config "bucket=ofx-terraform-state-${{env.ENVIRONMENT}}"
+              -backend-config "key=${{env.STACK_NAME}}"
+              -backend-config "region=${{env.AWS_REGION}}"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Plan Destory'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'plan'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: 
+              -destroy
+              -out="./destroy-plan"
+              -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+              -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+              -var="stack_name=${{env.STACK_NAME}}"
+              -var="environment=${{env.ENVIRONMENT}}"
+              -var="is_integrated_stack=${{env.IS_INTEGRATED_STACK}}"                                      
+
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Apply Destory'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'apply'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: "./destroy-plan"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-raised.yml

@@ -0,0 +1,14 @@
+name: raise PR notification
+on:
+  pull_request:
+    branches:
+      - master
+jobs:
+  notifiy-channel:
+    runs-on: ubuntu-latest    
+    steps:    
+      - name: Notify teams channel of PR
+        uses: toko-bifrost/[email protected]
+        with:
+          github-token: ${{ github.token }}
+          webhook-uri: ${{ secrets.TEAMS_WEBHOOK }}

.github/workflows/production-promote.yml

@@ -0,0 +1,102 @@
+name: promote to production
+on:
+  release:
+    types: [published]
+env:
+  TEAM_NAME: 'data'
+  AWS_PRODUCTION_ACCOUNT:  '479125032639'
+  PROJECT: 'analytics'
+  APP_NAME: 'event-forwarder'
+  ENVIRONMENT: 'production'
+  BUILD_DIR: ./build
+
+jobs:       
+  promote-to-staging:
+    runs-on: ubuntu-latest
+    env:
+      TF_ACTIONS_VERSION: 0.12.24
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+        registry-url: https://npm.pkg.github.com/
+        scope: '@ofx-com'
+    - run: npm install
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+    - name: Configure environment variables
+      uses: ./node_modules/@ofx-com/github-action-configuration
+
+    - name: Notify teams channel of Deployment
+      uses: toko-bifrost/[email protected]
+      with:
+        github-token: ${{ github.token }}
+        webhook-uri: ${{ secrets.MS_TEAMS_DEPLOYMENT_WEBHOOK_URI }}
+        deploy-title: Production Deployment Triggered!
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{env.AWS_REGION}}
+        role-to-assume: arn:aws:iam::${{env.AWS_PRODUCTION_ACCOUNT}}:role/delegation/core-pipeline
+        role-duration-seconds: 3600
+
+    - name: 'Terraform Format'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'fmt'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Init'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'init'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Validate'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'validate'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Plan'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'plan'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+              -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+              -var="environment_suffix=${{env.ENVIRONMENT_SUFFIX}}"
+              -var="resource_suffix=${{env.RESOURCE_SUFFIX}}"
+              -var="stack_name=${{env.STACK_NAME}}"                                       
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: 'Terraform Apply'
+      uses: hashicorp/[email protected]
+      with:
+        tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+        tf_actions_subcommand: 'apply'
+        tf_actions_working_dir: ${{ env.BUILD_DIR }}
+        args: -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+              -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+              -var="environment_suffix=${{env.ENVIRONMENT_SUFFIX}}"
+              -var="resource_suffix=${{env.RESOURCE_SUFFIX}}"
+              -var="stack_name=${{env.STACK_NAME}}"          
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}