feat: configured terraform to deploy to staging

.github/iac/main.tf

@@ -0,0 +1,121 @@
+terraform {
+  backend "s3" {
+    bucket = "demeter-tf"
+    key    = "github/demeter-fabric.tfstate"
+    region = "us-west-2"
+  }
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+}
+
+provider "kubernetes" {
+  config_path    = "~/.kube/config"
+  config_context = "arn:aws:eks:us-west-2:295114534192:cluster/m2-prod-7xjh33"
+}
+
+provider "helm" {
+  kubernetes {
+    config_path    = "~/.kube/config"
+    config_context = "arn:aws:eks:us-west-2:295114534192:cluster/m2-prod-7xjh33"
+  }
+}
+
+variable "rpc_image" {}
+variable "kafka_admin_password" {}
+variable "kafka_rpc_password" {}
+variable "kafka_daemon_password" {}
+variable "secret" {}
+variable "auth0_client_id" {}
+variable "auth0_client_secret" {}
+variable "auth0_audience" {}
+variable "stripe_api_key" {}
+variable "email_ses_access_key_id" {}
+variable "email_ses_secret_access_key" {}
+
+locals {
+  namespace                   = "fabric-stg"
+  queue_instance_name         = "fabric-queue"
+  replicas                    = 1
+  external_domain             = "stg-fabric-queue.demeter.run"
+  broker_urls                 = "redpanda.${local.external_domain}:31092"
+  secret                      = var.secret
+  kafka_admin_username        = "admin"
+  kafka_admin_password        = var.kafka_admin_password
+  kafka_rpc_username          = "rpc"
+  kafka_rpc_password          = var.kafka_rpc_password
+  kafka_daemon_username       = "daemon"
+  kafka_daemon_password       = var.kafka_daemon_password
+  kafka_daemon_consumer       = "daemon"
+  kafka_topic                 = "stg"
+  auth0_client_id             = var.auth0_client_id
+  auth0_client_secret         = var.auth0_client_secret
+  auth0_audience              = var.auth0_audience
+  stripe_api_key              = var.stripe_api_key
+  email_invite_ttl_min        = 15
+  email_ses_region            = "us-west-2"
+  email_ses_access_key_id     = var.email_ses_access_key_id
+  email_ses_secret_access_key = var.email_ses_secret_access_key
+  email_ses_verified_email    = "[email protected]"
+}
+
+resource "kubernetes_namespace_v1" "fabric_namespace" {
+  metadata {
+    name = local.namespace
+  }
+}
+
+module "fabric_queue" {
+  source     = "../../../fabric/bootstrap/queue/"
+  depends_on = [kubernetes_namespace_v1.fabric_namespace]
+
+  namespace       = local.namespace
+  instance_name   = local.queue_instance_name
+  replicas        = local.replicas
+  external_domain = local.external_domain
+  admin_username  = local.kafka_admin_username
+  admin_password  = local.kafka_admin_password
+  rpc_username    = local.kafka_rpc_username
+  rpc_password    = local.kafka_rpc_password
+
+  daemon_users = [
+    {
+      name          = local.kafka_daemon_username
+      password      = local.kafka_daemon_password
+      consumer_name = local.kafka_daemon_consumer
+    },
+  ]
+}
+
+module "fabric_rpc" {
+  source = "../../../fabric/bootstrap/rpc"
+
+  namespace                   = local.namespace
+  image                       = var.rpc_image
+  broker_urls                 = local.broker_urls
+  consumer_name               = "rpc"
+  kafka_username              = local.kafka_admin_username
+  kafka_password              = local.kafka_admin_password
+  kafka_topic                 = local.kafka_topic
+  secret                      = local.secret
+  auth0_client_id             = local.auth0_client_id
+  auth0_client_secret         = local.auth0_client_secret
+  auth0_audience              = local.auth0_audience
+  stripe_api_key              = local.stripe_api_key
+  email_invite_ttl_min        = local.email_invite_ttl_min
+  email_ses_region            = local.email_ses_region
+  email_ses_access_key_id     = local.email_ses_access_key_id
+  email_ses_secret_access_key = local.email_ses_secret_access_key
+  email_ses_verified_email    = local.email_ses_verified_email
+}
+
+module "fabric_services" {
+  source     = "../../../fabric/bootstrap/services/"
+  depends_on = [module.fabric_queue, module.fabric_rpc]
+
+  namespace          = local.namespace
+  ingress_class_name = "nginx"
+  dns_zone           = "demeter.run"
+}

.github/workflows/build.yml

@@ -26,14 +26,14 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # - name: Build and push
-      #   uses: docker/build-push-action@v2
-      #   with:
-      #     context: ${{ matrix.context }}
-      #     file: ${{ matrix.file }}
-      #     platforms: linux/amd64
-      #     push: true
-      #     tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }}
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.file }}
+          platforms: linux/amd64
+          push: true
+          tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }}
   daemon:
     strategy:
       fail-fast: false
@@ -53,11 +53,11 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # - name: Build and push
-      #   uses: docker/build-push-action@v2
-      #   with:
-      #     context: ${{ matrix.context }}
-      #     file: ${{ matrix.file }}
-      #     platforms: linux/amd64
-      #     push: true
-      #     tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }}
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.file }}
+          platforms: linux/amd64
+          push: true
+          tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }}

.github/workflows/deploy.yml

@@ -1,22 +1,26 @@
 name: Deploy
 
-# on:
-#   workflow_dispatch: {}
-#   workflow_run:
-#     workflows: [Build]
-#     types: [completed]
-
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
+  workflow_dispatch: {}
+  workflow_run:
+    workflows: [Build]
+    types: [completed]
 
 jobs:
   rpc:
     runs-on: ubuntu-latest
+    env:
+      TF_VAR_rpc_image: rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }}
+      TF_VAR_kafka_admin_password: ${{ secrets.KAFKA_ADMIN_PASSWORD }} 
+      TF_VAR_kafka_rpc_password: ${{ secrets.KAFKA_RPC_PASSWORD }}
+      TF_VAR_kafka_daemon_password: ${{ secrets.KAFKA_DAEMON_PASSWORD }}
+      TF_VAR_secret: ${{ secrets.SECRET }}
+      TF_VAR_auth0_client_id: ${{ secrets.AUTH0_CLIENT_ID }}
+      TF_VAR_auth0_client_secret: ${{ secrets.AUTH0_CLIENT_SECRET }} 
+      TF_VAR_auth0_audience:  ${{ secrets.AUTH0_AUDIENCE }}
+      TF_VAR_stripe_api_key:  ${{ secrets.STRIPE_API_KEY }}
+      TF_VAR_email_ses_access_key_id: ${{ secrets.EMAIL_SES_ACCESS_KEY_ID }}
+      TF_VAR_email_ses_secret_access_key: ${{ secrets.EMAIL_SES_SECRET_ACCESS_KEY }}
     steps:
       - uses: actions/checkout@v2
 
@@ -37,7 +41,7 @@ jobs:
 
       - name: init terraform
         working-directory: .github/iac
-        run: terraform init -reconfigure
+        run: terraform init
 
       - name: validate terraform
         working-directory: .github/iac
@@ -47,4 +51,4 @@ jobs:
         working-directory: .github/iac
         env:
           IMAGE_TAG: ${{ github.sha }}
-        run: terraform apply -auto-approve -input=false -var="rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }}"
+        run: terraform apply -auto-approve -input=false

.gitignore

@@ -7,3 +7,4 @@ rpc.toml
 test/.terraform*
 test/local.tfstate*
 crds-path/
+.github/iac/.terraform*