seed database after deploy

.github/workflows/terraform.yaml

@@ -171,6 +171,10 @@ jobs:
     environment: dev
     permissions:
       contents: read
+    outputs:
+      vpc_id: ${{ steps.apply.outputs.vpc_id }}
+      host: ${{ steps.apply.outputs.host }}
+      cluster: ${{ steps.apply.outputs.cluster }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -180,11 +184,6 @@ jobs:
         with:
           name: database-config
 
-      - name: Download Configuration
-        uses: actions/download-artifact@v4
-        with:
-          name: database-config
-
       - name: Upload Configuration
         uses: hashicorp/tfc-workflows-github/actions/[email protected]
         id: apply-upload
@@ -206,4 +205,68 @@ jobs:
         id: apply
         with:
           run: ${{ steps.apply-run.outputs.run_id }}
-          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
+          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
+
+  seed-database:
+    needs: [deploy]
+    name: "Seed database"
+    runs-on: ubuntu-latest
+    environment: dev
+
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v4
+      # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        working-directory: ${{ env.CONFIG_DIRECTORY }}/seed
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -upgrade
+        working-directory: ${{ env.CONFIG_DIRECTORY }}/seed
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+        working-directory: ${{ env.CONFIG_DIRECTORY }}/seed
+
+      - name: Config
+        run: |
+          cat <<EOF > seed.auto.tfvars
+          dbClusterIdentifier = "${{ vars.BMB_MYSQL_CLUSTER }}"
+          database_name = "${{ vars.BMB_MYSQL_DATABASE }}"
+          vpc_id = "${{ needs.deploy.outputs.vpc_id }}"
+          username = "${{ secrets.BMB_MYSQL_USER }}"
+          password = "${{ secrets.BMB_MYSQL_PASSWORD }}"
+          host = "${{ needs.deploy.outputs.host }}"
+          EOF
+
+      - name: Terraform apply
+        id: apply
+        run: terraform apply -auto-approve
+        working-directory:  ${{ env.CONFIG_DIRECTORY }}/seed
+
+      - name: Create tables
+        continue-on-error: true
+        run: |
+          aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat orders_table.sql)"
+          aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat order_items_table.sql)"
+          aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat customers_table.sql)"
+          aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat products_table.sql)"
+          aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat payments_table.sql)"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: us-east-1
+          CLUSTER_ARN: ${{ needs.deploy.outputs.cluster }}
+          SECRET_ARN: ${{ steps.apply.outputs.secret_arn }}
+          DATABASE_NAME: ${{ vars.BMB_MYSQL_DATABASE }}
+
+      - name: Terraform Destroy
+        id: destroy
+        run: terraform apply -auto-approve
+        working-directory:  ${{ env.CONFIG_DIRECTORY }}/seed

init/customers_table.sql

@@ -0,0 +1,6 @@
+create table IF NOT EXISTS Customers(
+    Id    char(36)  not null primary key,
+    Cpf   varchar(11) not null,
+    Name  varchar(100) null,
+    Email varchar(100) null
+);

init/order_items_table.sql

@@ -0,0 +1,8 @@
+create table IF NOT EXISTS OrderItems
+(
+    OrderId     char(36)     not null,
+    ProductId   char(36)     not null,
+    ProductName varchar(200) not null,
+    UnitPrice   decimal      not null,
+    Quantity    int          null
+);

init/orders_table.sql

@@ -0,0 +1,10 @@
+create table IF NOT EXISTS Orders
+(
+    Id         char(36)   not null,
+    CustomerId char(36)   null,
+    PaymentId  char(36)   null,
+    Status     int        not null,
+    Created    datetime   null,
+    Updated    datetime   null,
+    TrackingCode       varchar(7) null
+);

init/output.tf

@@ -0,0 +1,3 @@
+output "secret_arn" {
+  value = aws_secretsmanager_secret.rds_secret.arn
+}

init/payments_table.sql

@@ -0,0 +1,12 @@
+create table IF NOT EXISTS Payments
+(
+    Id         char(36)   not null,
+    OrderId    char(36)   not null,
+    Status     int        not null,
+    Created    datetime   null,
+    Updated    datetime   null,
+    PaymentType int       not null,
+    ExternalReference     varchar(36) not null,
+    Amount     decimal(10,2) not null,
+    PRIMARY KEY (Id, OrderId)
+);

init/products_table.sql

@@ -0,0 +1,8 @@
+create table IF NOT EXISTS Products(
+    Id          char(36)   not null primary key,
+    Name        varchar(100)  not null,
+    Description varchar(200)  not null,
+    Category    int           not null,
+    Price       decimal(10,2)       not null,
+    Images      varchar(1000) null
+);

init/seed.tf

@@ -0,0 +1,52 @@
+data "aws_security_group" "default_sg" {
+  name   = "default"
+  vpc_id = var.vpc_id
+}
+
+resource "aws_security_group_rule" "mysql_ingress" {
+  type              = "ingress"
+  security_group_id = data.aws_security_group.default_sg.id
+  from_port         = 3306
+  to_port           = 3306
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+
+resource "random_string" "random_suffix" {
+  length  = 5
+  special = false
+  upper   = true
+}
+
+resource "aws_secretsmanager_secret" "rds_secret" {
+  name        = "rds-db-secret-${random_string.random_suffix.result}"
+  description = "RDS database credentials"
+
+  tags = {
+    Terraform = "true"
+  }
+}
+
+resource "aws_secretsmanager_secret_version" "rds_secret_version" {
+  secret_id = aws_secretsmanager_secret.rds_secret.id
+  secret_string = jsonencode({
+    username            = var.username,
+    password            = var.password,
+    engine              = var.engine,
+    host                = var.host,
+    port                = var.port,
+    dbClusterIdentifier = var.dbClusterIdentifier,
+  })
+}
+
+provider "aws" {
+  region = "us-east-1"
+  alias  = "us-east-1"
+
+  default_tags {
+    tags = {
+      Terraform = "true"
+      "teste"   = "teste"
+    }
+  }
+}

init/variables.tf

@@ -0,0 +1,28 @@
+variable "username" {
+  default = "tcuser"
+}
+
+variable "password" {
+  default = "F#P9ia-3-default"
+}
+
+variable "engine" {
+  default = "mysql"
+}
+
+variable "host" {
+  default = "techchallenge-mysql-tf.cluster-local.us-east-1.rds.amazonaws.com"
+}
+
+variable "port" {
+  default = 3306
+}
+
+variable "dbClusterIdentifier" {
+  default = "techchallenge-mysql-local"
+}
+
+variable "vpc_id" {
+  type = string
+  default = "vpc-0b99a7c15007a4fb3"
+}

main.tf

@@ -66,8 +66,8 @@ module "aurora_db_serverless_cluster" {
   }
 
   master_username             = var.username
-  //master_password             = var.password
-  manage_master_user_password = true
+  master_password             = var.password
+  manage_master_user_password = false
 
   autoscaling_enabled  = false
   vpc_id               = data.aws_vpc.vpc.id

output.tf

@@ -7,10 +7,16 @@ output "subnet_cidr_blocks" {
 }
 
 output "cluster" {
-  value     = module.aurora_db_serverless_cluster
-  sensitive = true
+  value = module.aurora_db_serverless_cluster.cluster_arn
 }
 
+output "host" {
+  value = module.aurora_db_serverless_cluster.cluster_endpoint
+}
+
+output "vpc_id" {
+  value = data.aws_vpc.vpc.id
+}
 # output "file" {
 #   value = null_resource.db_setup
-# }
+# }