Merge pull request #1 from KristienN/deploy

feat: Add Deploy Job with dummy steps

.github/workflows/main-ci.yml

@@ -0,0 +1,23 @@
+name: Main
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    name: "Deploy"
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: "setup ssh keys"
+        run: echo "dummy job"
+
+      - name: "terraform commands"
+        run: |
+          echo "terraform init"
+          echo "terraform plan -var digitalocean_access_token=$DIGITALOCEAN_ACCESS_TOKEN"
+          echo "terraform apply -var digitalocean_access_token=$DIGITALOCEAN_ACCESS_TOKEN"
+        env:
+          DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

.gitignore

@@ -1,2 +1,7 @@
 .idea
-.env
+.env
+
+**/.terraform/*
+
+*.tfstate
+*.tfstate.*

main.tf

@@ -9,26 +9,66 @@ terraform {
   required_version = "~> 1.9.8"
 }
 
-provider "digitalocean" {}
+provider "digitalocean" {
+  token = var.digitalocean_access_token
+}
+
+resource "digitalocean_ssh_key" "portfolio-v2-server" {
+  name = "digitalocean_ssh_key"
+  public_key = file("~/.ssh/id_rsa.pub")
+}
 
 resource "digitalocean_droplet" "portfolio-v2-server" {
   image  = "ubuntu-24-10-x64"
   name   = var.droplet_name
   region = var.region
   size   = var.size
   ssh_keys = [var.ssh_fingerprint]
-  tags = ["portfolio-v2", "serer"]
+  tags = ["portfolio-v2", "server"]
 
   provisioner "remote-exec" {
     connection {
       type = "ssh"
       user = "root"
+      private_key = file("~/.ssh/id_rsa")
       host = self.ipv4_address
     }
 
-    inline = [
-      "docker pull registry.digitalocean.com/kristien-docr/portfolio-v2:latest",
-      "docker run -d -p 80:80 --name portfolio-v2 registry.digitalocean.com/kristien-docr/portfolio-v2:latest"
-    ]
+    script = "./scripts/install.sh"
+  }
+}
+
+resource "digitalocean_firewall" "portfolio-v2-server" {
+  name = "portfolio-v2-firewall"
+
+  droplet_ids = [digitalocean_droplet.portfolio-v2-server.id]
+
+  inbound_rule {
+    protocol   = "tcp"
+    port_range = "22"
+    source_addresses = ["192.168.1.0/24", "2002:1:2::/48"]
+  }
+
+  inbound_rule {
+    protocol   = "tcp"
+    port_range = "all"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+    protocol   = "tcp"
+    port_range = "53"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+    protocol   = "udp"
+    port_range = "53"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+    protocol = "icmp"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
   }
 }

scripts/install.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# Add Docker's official GPG key:
+sudo apt-get update -y
+sudo apt-get install ca-certificates curl
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+
+# Install latest version
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+sudo docker --version
+

variables.tf

@@ -20,4 +20,10 @@ variable "ssh_fingerprint" {
   description = "DigitalOcean SSH Fingerprint"
   type        = string
   sensitive   = true
+}
+
+variable "digitalocean_access_token" {
+  description = "DigitalOcean API Token"
+  type        = string
+  sensitive   = true
 }