Initial commit
uolter authored Feb 19, 2024
0 parents commit a16c18c
Showing 27 changed files with 877 additions and 0 deletions.
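--- a/.github/workflows/apply/action.yml
+++ b/.github/workflows/apply/action.yml
@@ -0,0 +1,41 @@
+name: apply
+description: "Run terraform apply"
+
+inputs:
+env:
+required: true
+type: string
+working-directory:
+required: true
+type: string
+
+runs:
+using: "composite"
+steps:
+- name: Read terraform version
+id: read-version
+shell: bash
+working-directory: ${{ inputs.working-directory }}
+run: |
+echo "TERRAFORM_VERSION=`cat ../.terraform-version`" >> $GITHUB_ENV
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
+with:
+terraform_version: ${{ env.TERRAFORM_VERSION }}
+
+- name: Terraform Init
+id: init
+shell: bash
+working-directory: ${{ inputs.working-directory }}
+run: |
+e=${{ inputs.env }}
+./terraform.sh init ${e%"_w"}
+- name: Terraform Apply
+id: apply
+shell: bash
+working-directory: ${{ inputs.working-directory }}
+run: |
+e=${{ inputs.env }}
+./terraform.sh apply ${e%"_w"} -auto-approve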
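Review bot: The Terraform Init and Terraform Apply steps splice `${{ inputs.env }}` straight into shell source (`e=${{ inputs.env }}`), the expression-injection pattern in which any caller passing a free-form string can run commands inside the step; the callers in this commit pass a dispatch choice or a matrix literal, so it is not reachable today, but a reusable composite action should not rely on that. Pass the value through the environment instead: on each of the two steps `env: TF_ENV: ${{ inputs.env }}`, then `e="$TF_ENV"`; likewise quote `"$GITHUB_ENV"` in the read-version step. The `${e%"_w"}` suffix strip is undocumented; a comment on the init step such as `# callers pass GitHub environment names (e.g. prod_w); drop the _w suffix before handing the name to terraform.sh` would explain why `prod_w` reaches terraform as `prod`.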
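--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -0,0 +1,55 @@
+name: "Validate PR title"
+
+on:
+pull_request_target:
+types:
+- opened
+- edited
+- synchronize
+
+jobs:
+main:
+name: Validate PR title
+runs-on: ubuntu-latest
+steps:
+# Please look up the latest version from
+# https://github.com/amannn/action-semantic-pull-request/releases
+- uses: amannn/[email protected]
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+# Configure which types are allowed.
+# Default: https://github.com/commitizen/conventional-commit-types
+types: |
+fix
+feat
+docs
+chore
+breaking
+# Configure that a scope must always be provided.
+requireScope: false
+# Configure additional validation for the subject based on a regex.
+# This example ensures the subject starts with an uppercase character.
+subjectPattern: ^[A-Z].+$
+# If `subjectPattern` is configured, you can use this property to override
+# the default error message that is shown when the pattern doesn't match.
+# The variables `subject` and `title` can be used within the message.
+subjectPatternError: |
+The subject "{subject}" found in the pull request title "{title}"
+didn't match the configured pattern. Please ensure that the subject
+starts with an uppercase character.
+# For work-in-progress PRs you can typically use draft pull requests
+# from Github. However, private repositories on the free plan don't have
+# this option and therefore this action allows you to opt-in to using the
+# special "[WIP]" prefix to indicate this state. This will avoid the
+# validation of the PR title and the pull request checks remain pending.
+# Note that a second check will be reported if this is enabled.
+wip: true
+# When using "Squash and merge" on a PR with only one commit, GitHub
+# will suggest using that commit message instead of the PR title for the
+# merge commit, and it's easy to commit this by mistake. Enable this option
+# to also validate the commit message for one commit PRs.
+validateSingleCommit: false
+# Related to `validateSingleCommit` you can opt-in to validate that the PR
+# title matches a single commit to avoid confusion.
+validateSingleCommitMatchesPrTitle: false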
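Review bot: The job runs on `pull_request_target` with no `permissions:` block, so the `GITHUB_TOKEN` handed to the action at the `env:` line carries the repository default, which for this event is a token on the base repository with whatever write scopes the default grants. Nothing here checks out the PR head, so the token is not exposed to PR code as written, but the scope should still be declared: `permissions: pull-requests: read` at the job level, plus `statuses: write`, which I believe the action needs to publish the pending check that `wip: true` enables (confirm against the action's README). `amannn/[email protected]` is also pinned to a mutable tag, whereas the other third-party actions in this commit pin a commit SHA; pin it the same way and keep the version in a trailing comment.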
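--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,70 @@
+name: Release
+
+on:
+# Trigger the workflow on push or pull request,
+# but only for the main branch
+push:
+branches:
+- main
+paths-ignore:
+- 'CODEOWNERS'
+- '**.md'
+- '.**'
+workflow_dispatch:
+inputs:
+logLevel:
+description: 'Log level'
+required: true
+default: 'warning'
+type: choice
+options:
+- info
+- warning
+- debug
+
+jobs:
+release:
+name: Release
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+id: checkout
+uses: actions/checkout@v2
+with:
+persist-credentials: false
+fetch-depth: 0
+
+- name: Release
+id: release
+uses: cycjimmy/semantic-release-action@v2
+with:
+semantic_version: 18.0.0
+extra_plugins: |
+@semantic-release/[email protected]
+@semantic-release/[email protected]
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Log in to the Container registry
+id: docker_login
+if: steps.release.outputs.new_release_published == 'true'
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Build and push Docker image
+id: docker_build_push
+if: steps.release.outputs.new_release_published == 'true'
+uses: docker/build-push-action@v3
+with:
+context: .
+push: true
+tags: |
+ghcr.io/${{ github.repository }}:latest
+ghcr.io/${{ github.repository }}:v${{ steps.release.outputs.new_release_version }}
+labels: |
+maintainer=https://pagopa.it
+org.opencontainers.image.source=https://github.com/${{ github.repository }}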
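Review bot: The release job declares no `permissions:` while it creates GitHub releases (the `env:` under the Release step) and pushes to ghcr.io with the same `GITHUB_TOKEN` (the `password:` of the login step); with the repository default set to read-only both steps fail, and with the permissive default the token holds far more than the job uses. Declare the scopes explicitly, e.g. `permissions: contents: write` and `packages: write`, plus `issues: write` and `pull-requests: write` if the semantic-release github plugin is expected to comment on released issues (verify against its docs). Every action here (`actions/checkout@v2`, `cycjimmy/semantic-release-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v3`) is pinned to a floating major tag, unlike the SHA-pinned actions in terraform-apply.yml in this same commit; `actions/checkout@v2` additionally runs on the deprecated Node 12 runtime. The `logLevel` dispatch input is declared but never read by any step.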
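--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -0,0 +1,90 @@
+name: "Terraform-Apply"
+
+on:
+push:
+branches:
+- main
+paths:
+- 'src/main/**'
+- '.github/workflows/*.yml'
+workflow_dispatch:
+inputs:
+logLevel:
+description: 'Log level'
+required: true
+default: 'warning'
+type: choice
+options:
+- info
+- warning
+- debug
+environment:
+description: 'Which environment to update.'
+type: choice
+required: true
+default: dev
+options:
+- dev
+- uat
+
+
+jobs:
+manual-trigger:
+if: ${{ github.event_name == 'workflow_dispatch' }}
+name: "terraform-apply (manual)"
+runs-on: ubuntu-latest
+continue-on-error: false
+permissions:
+id-token: write # This is required for requesting the JWT
+contents: read # This is required for actions/checkout
+environment: ${{ inputs.environment }}
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Configure AWS Credentials
+env:
+AWS_REGION: eu-south-1
+uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+with:
+role-to-assume: ${{ secrets.IAM_ROLE }}
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Apply
+uses: ./.github/workflows/apply
+with:
+env: ${{ inputs.environment }}
+working-directory: src/main
+
+merge-trigger:
+if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+name: "terraform-apply (merge)"
+strategy:
+max-parallel: 1
+matrix:
+environment: [dev, uat, prod_w]
+runs-on: ubuntu-latest
+continue-on-error: false
+environment: ${{ matrix.environment }}
+permissions:
+id-token: write # This is required for requesting the JWT
+contents: read # This is required for actions/checkout
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Configure AWS Credentials
+env:
+AWS_REGION: eu-south-1
+uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+with:
+role-to-assume: ${{ secrets.IAM_ROLE }}
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Apply
+uses: ./.github/workflows/apply
+with:
+env: ${{ matrix.environment }}
+working-directory: src/main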
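Review bot: Both jobs go from checkout straight to the `apply` composite, which runs `terraform apply -auto-approve` with no plan step, so for the `merge-trigger` matrix (`environment: [dev, uat, prod_w]`) nothing records what is about to change in `uat` or `prod_w` before it is applied; the plan reviewed on the PR branch ran against the state of that moment and can differ after merge. Since apply/action.yml already forwards `-auto-approve` through terraform.sh, extra arguments appear to pass through, so the composite could write a plan (`./terraform.sh plan <env> -out=tfplan`) and apply that saved file, leaving the exact applied diff in the job log. The `_w` suffix on `prod_w` is stripped silently inside the composite; a comment on the matrix line, `# names ending in _w select a separate GitHub environment; the apply composite drops the suffix before calling terraform.sh`, saves the next reader a trip into apply/action.yml. `actions/checkout@v3` is tag-pinned while `configure-aws-credentials` two steps later is SHA-pinned; use the same pinning for both. The push filter `.github/workflows/*.yml` does not match the composite at `.github/workflows/apply/action.yml`, so edits to the apply logic itself never trigger this workflow — possibly intended, but worth a comment.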
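--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
@@ -0,0 +1,65 @@
+name: "Terraform-Plan"
+
+on:
+push:
+branches:
+- '**' # matches every branch
+- '!main' # excludes main
+- '!master' # excludes master
+paths:
+- 'src/main/**'
+- '.github/workflows/*.yml'
+
+defaults:
+run:
+shell: bash
+working-directory: src/main
+
+permissions:
+id-token: write # This is required for requesting the JWT
+contents: read # This is required for actions/checkout
+
+jobs:
+terraform:
+strategy:
+matrix:
+environment: [dev, uat, prod]
+name: "terraform-plan"
+runs-on: ubuntu-latest
+environment: ${{ matrix.environment }}
+
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Configure AWS Credentials
+env:
+AWS_REGION: eu-south-1
+uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+with:
+role-to-assume: ${{ secrets.IAM_ROLE }}
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Read terraform version
+id: read-version
+run: |
+echo "TERRAFORM_VERSION=`cat ../.terraform-version`" >> $GITHUB_ENV
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
+with:
+terraform_version: ${{ env.TERRAFORM_VERSION }}
+
+- name: Terraform Format
+id: fmt
+run: terraform fmt -check
+
+- name: Terraform Init
+id: init
+run: |
+./terraform.sh init ${{ matrix.environment }}
+- name: Terraform Plan
+id: plan
+run: |
+./terraform.sh plan ${{ matrix.environment }}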
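Review bot: `actions/checkout@v2` at the Checkout step runs on the deprecated Node 12 action runtime and is pinned to a floating tag, while `configure-aws-credentials` and `setup-terraform` a few steps later are pinned to commit SHAs; terraform-apply.yml in this same commit already uses `@v3`, so at minimum align on that and preferably SHA-pin here too. The matrix leaves `fail-fast` at its default, so a failed `dev` plan cancels the `uat` and `prod` plans and their output is lost for the reviewer; `strategy: fail-fast: false` surfaces all three. The `$GITHUB_ENV` in the read-version step should be quoted as `"$GITHUB_ENV"`, as it is the only unquoted expansion in the file. The `fmt -check` gate before init is a good addition.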
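--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,29 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*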
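--- a/.releaserc.json
+++ b/.releaserc.json
@@ -0,0 +1,15 @@
+{
+"branches": ["main", "master"],
+"ci": false,
+"plugins": [
+[
+"@semantic-release/commit-analyzer",
+{
+"preset": "angular",
+"releaseRules": [{ "type": "breaking", "release": "major" }]
+}
+],
+"@semantic-release/release-notes-generator",
+"@semantic-release/github"
+]
+}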
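Review bot: `"ci": false` on the third line turns off semantic-release's CI environment verifications, the checks that it is running in CI, on a release branch and not from a pull request build; the flag exists for releasing from a local machine, and since release.yml only invokes this on pushes to `main` the practical exposure is small, but dropping the line keeps the safeguard for no cost. The custom `breaking` release rule matches the `breaking` type that pr-title.yml allows, which is consistent; a one-line comment is not possible in JSON, so the mapping between the two is worth a sentence in the README.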