ci: configure tfvars file

soat-fiap · Sep 10, 2024 · 223577e · 223577e
1 parent cf0450a
commit 223577e
Show file tree

Hide file tree

Showing 6 changed files with 184 additions and 29 deletions.
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
@@ -9,6 +9,7 @@ env:
   TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
   TF_WORKSPACE: "${{ vars.TF_WORKSPACE }}"
   CONFIG_DIRECTORY: "./"
+  ENVIRONMENT: dev
 
 permissions:
   contents: read
@@ -29,7 +30,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v1
+      uses: hashicorp/setup-terraform@v3
       with:
         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
@@ -55,38 +56,124 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
+  plan:
+    needs: [test]
+    if: github.event_name == 'pull_request'
+    name: "Terraform Plan"
+    runs-on: ubuntu-latest"
+    environment: ${{ env.ENVIRONMENT }}
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Create .auto.tfvars file
+        run: |
+          cat <<EOF > eks.auto.tfvars
+          vpc_name = "${{ secrets.BMB_EKS_CLUSTER_VPC }}"
+          cluster_name = "${{ vars.BMB_MYSQL_CLUSTER }}"
+          database_name = "${{ vars.BMB_MYSQL_DATABASE }}"
+          username = "${{ secrets.BMB_MYSQL_USER }}"
+          password = "${{ secrets.BMB_MYSQL_PASSWORD }}"
+          environment = "${{ env.ENVIRONMENT }}"
+          EOF
+
+      - name: Upload Configuration
+        uses: hashicorp/tfc-workflows-github/actions/[email protected]
+        id: plan-upload
+        with:
+          workspace: ${{ env.TF_WORKSPACE }}
+          directory: ${{ env.CONFIG_DIRECTORY }}
+          speculative: true
+
+      - name: Create Plan Run
+        uses: hashicorp/tfc-workflows-github/actions/[email protected]
+        id: plan-run
+        with:
+          workspace: ${{ env.TF_WORKSPACE }}
+          configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
+          plan_only: true
+
+      - name: Get Plan Output
+        uses: hashicorp/tfc-workflows-github/actions/[email protected]
+        id: plan-output
+        with:
+          plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}
+
+      - name: Update PR
+        uses: actions/github-script@v7
+        id: plan-comment
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            // 1. Retrieve existing bot comments for the PR
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            const botComment = comments.find(comment => {
+              return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
+            });
+            const output = `#### Terraform Cloud Plan Output
+                \`\`\`
+                Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
+                \`\`\`
+                [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
+                `;
+            // 3. Delete previous comment so PR timeline makes sense
+            if (botComment) {
+              github.rest.issues.deleteComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+              });
+            }
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            });
+
+
+
   deploy:
     needs: [test]
     if: github.ref == 'refs/heads/main'
     name: "Terraform Apply"
     runs-on: ubuntu-latest
-    environment: dev
+    environment: ${{ env.ENVIRONMENT }}
     permissions:
       contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
+      - name: Create .auto.tfvars file
+        run: |
+          cat <<EOF > eks.auto.tfvars
+          vpc_name = "${{ secrets.BMB_EKS_CLUSTER_VPC }}"
+          cluster_name = "${{ vars.BMB_MYSQL_CLUSTER }}"
+          database_name = "${{ vars.BMB_MYSQL_DATABASE }}"
+          username = "${{ secrets.BMB_MYSQL_USER }}"
+          password = "${{ secrets.BMB_MYSQL_PASSWORD }}"
+          environment = "${{ env.ENVIRONMENT }}"
+          EOF
+
       - name: Upload Configuration
         uses: hashicorp/tfc-workflows-github/actions/[email protected]
         id: apply-upload
         with:
           workspace: ${{ env.TF_WORKSPACE }}
           directory: ${{ env.CONFIG_DIRECTORY }}
-
+  
       - name: Create Apply Run
         uses: hashicorp/tfc-workflows-github/actions/[email protected]
         id: apply-run
         with:
           workspace: ${{ env.TF_WORKSPACE }}
           configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
-          message: "Plan Run from GitHub Actions CI ${{ github.sha }}"
-          TF_VAR_vpc_name: "\"teste\""
-
-      - name: Apply
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable && false
-        id: apply
-        with:
-          run: ${{ steps.apply-run.outputs.run_id }}
-          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
+          message: "Create Run from GitHub Actions CI ${{ github.sha }}"
diff --git a/init/schema.sql b/init/schema.sql
@@ -0,0 +1,57 @@
+use techchallenge;
+
+create table IF NOT EXISTS Customers
+(
+    Id    char(36)  not null
+        primary key,
+    Cpf   varchar(11) not null,
+    Name  varchar(100) null,
+    Email varchar(100) null
+);
+
+
+create table IF NOT EXISTS Products
+(
+    Id          char(36)      not null comment 'product id'
+        primary key,
+    Name        varchar(100)  not null,
+    Description varchar(200)  not null,
+    Category    int           not null,
+    Price       decimal(10,2)       not null,
+    Images      varchar(1000) null
+);
+
+
+create table IF NOT EXISTS Orders
+(
+    Id         char(36)   not null,
+    CustomerId char(36)   null,
+    PaymentId  char(36)   null,
+    Status     int        not null,
+    Created    datetime   null,
+    Updated    datetime   null,
+    TrackingCode       varchar(7) null
+);
+
+
+create table IF NOT EXISTS OrderItems
+(
+    OrderId     char(36)     not null,
+    ProductId   char(36)     not null,
+    ProductName varchar(200) not null,
+    UnitPrice   decimal      not null,
+    Quantity    int          null
+);
+
+create table IF NOT EXISTS Payments
+(
+    Id         char(36)   not null,
+    OrderId    char(36)   not null,
+    Status     int        not null,
+    Created    datetime   null,
+    Updated    datetime   null,
+    PaymentType int       not null,
+    ExternalReference     varchar(36) not null,
+    Amount     decimal(10,2) not null,
+    PRIMARY KEY (Id, OrderId)
+);
diff --git a/main.tf b/main.tf
@@ -46,16 +46,16 @@ data "aws_subnets" "public_subnets" {
 }
 
 data "aws_subnet" "subnet" {
-  for_each = toset(concat(data.aws_subnets.public_subnets.ids, data.aws_subnets.private_subnets.ids))
+  for_each = toset(concat(data.aws_subnets.private_subnets.ids))
   id       = each.value
 }
 
 module "aurora_db_serverless_cluster" {
   source  = "terraform-aws-modules/rds-aurora/aws"
   version = "~> 9.9.0"
 
-  name              = "${var.cluster_name}"
-  database_name     = "techchallenge"
+  name              = var.cluster_name
+  database_name     = var.database_name
   engine            = "aurora-mysql"
   engine_mode       = "serverless"
   storage_encrypted = true
@@ -69,7 +69,7 @@ module "aurora_db_serverless_cluster" {
   master_password             = var.password
   manage_master_user_password = false
 
-  autoscaling_enabled  = false  
+  autoscaling_enabled  = false
   vpc_id               = data.aws_vpc.vpc.id
   db_subnet_group_name = var.vpc_name
   security_group_rules = {
@@ -78,20 +78,20 @@ module "aurora_db_serverless_cluster" {
     }
   }
 
-  publicly_accessible             = true
-  apply_immediately               = true
+  publicly_accessible = true
+  apply_immediately   = true
   # enabled_cloudwatch_logs_exports = ["general"]
-  enable_http_endpoint            = true
-  monitoring_interval             = 0
-  skip_final_snapshot             = true
+  enable_http_endpoint = true
+  monitoring_interval  = 0
+  skip_final_snapshot  = true
 
   serverlessv2_scaling_configuration = {
     min_capacity = 1
     max_capacity = 2
   }
 
   tags = {
-    Terraform = "true"
+    Terraform   = "true"
+    Environment = var.environment
   }
-
-}
+}
diff --git a/output.tf b/output.tf
@@ -7,7 +7,7 @@ output "subnet_cidr_blocks" {
 }
 
 output "cluster" {
-  value = module.aurora_db_serverless_cluster
+  value     = module.aurora_db_serverless_cluster
   sensitive = true
 }
 

diff --git a/providers.tf b/providers.tf
@@ -12,10 +12,11 @@ provider "aws" {
   profile = var.profile
   region  = var.region
   alias   = "us-east-1"
-  
+
   default_tags {
-    tags = { 
+    tags = {
       ManagedBy = "Terraform"
+      "teste"   = "teste"
     }
   }
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -21,6 +21,11 @@ variable "cluster_name" {
   default = "techchallenge-mysql"
 }
 
+variable "database_name" {
+  type    = string
+  default = "techchallenge"
+}
+
 variable "username" {
   type      = string
   sensitive = true
@@ -32,3 +37,8 @@ variable "password" {
   sensitive = true
   default   = "F#P9ia-3"
 }
+
+variable "environment" {
+  default = "dev"
+  type    = string
+}