diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7ab0a613..36b544ce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -39,6 +39,10 @@ jobs:
 - name: Go Fmt
 run: make formatCheck
 
+ - name: Terraform Formatting
+ working-directory: operations
+ run: terraform fmt -recursive -check
+
 securityScanAnalyze:
 name: CodeQL Security Scan
 uses: ./.github/workflows/codeql_reusable.yml
diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml
new file mode 100644
index 00000000..65d4252b
--- /dev/null
+++ b/.github/workflows/dev-deploy.yml
@@ -0,0 +1,34 @@
+name: Deploy to Dev Environment
+
+on:
+ push:
+ branches:
+ - dev
+ workflow_dispatch:
+
+jobs:
+
+ terraform-deploy:
+ name: Dev Infrastructure Deploy
+ uses: ./.github/workflows/terraform-deploy_reusable.yml
+ with:
+ ENVIRONMENT: dev
+ TERRAFORM_DIRECTORY: operations/environments/dev
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CDC_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_CDC_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_CDC_DMZ_C1_SUBSCRIPTION_ID }}
+
+ dev-deploy:
+ name: Dev Application Deploy
+ needs: terraform-deploy
+ uses: ./.github/workflows/deploy_reusable.yml
+ with:
+ ENVIRONMENT: dev
+ REPO: report-stream-sftp-ingest
+ APP: ${{ needs.terraform-deploy.outputs.APP }}
+ REGISTRY: ${{ needs.terraform-deploy.outputs.REGISTRY }}
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CDC_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_CDC_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_CDC_DMZ_C1_SUBSCRIPTION_ID }}
diff --git a/.github/workflows/internal-deploy.yml b/.github/workflows/internal-deploy.yml
new file mode 100644
index 00000000..9e4e42b9
--- /dev/null
+++ b/.github/workflows/internal-deploy.yml
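Review bot: The new `Terraform Formatting` step runs whichever `terraform` binary the runner image happens to ship, so the format check can start failing (or passing) when the image updates rather than when the code changes; pin the CLI with a `hashicorp/setup-terraform` step (`terraform_version` set to the version the deploy workflows use) before it. A failed check also prints nothing useful as written — add `-diff` so the offending hunks appear in the log: `run: terraform fmt -recursive -check -diff`. The enclosing job definition starts before this hunk.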
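Review bot: The workflow declares no top-level `permissions:`, so both reusable workflows inherit the repository's default GITHUB_TOKEN grant instead of a least-privilege one, and a called workflow can only narrow what the caller grants. The secrets passed are only client, tenant and subscription IDs, which suggests `terraform-deploy_reusable.yml` and `deploy_reusable.yml` log in to Azure with OIDC federated credentials (not visible here); if so they need `id-token: write`, and this caller is where it must be granted, e.g. `permissions:` with `id-token: write` and `contents: read`. There is also no `concurrency:` group, so two quick pushes to `dev` run `terraform apply` against the same state at the same time; `concurrency: dev-deploy` serialises them. Both points apply equally to the new internal-deploy.yml.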
@@ -0,0 +1,34 @@
+name: Deploy to Internal Environment
+
+on:
+ push:
+ branches:
+ - internal
+ workflow_dispatch:
+
+jobs:
+
+ terraform-deploy:
+ name: Internal Infrastructure Deploy
+ uses: ./.github/workflows/terraform-deploy_reusable.yml
+ with:
+ ENVIRONMENT: internal
+ TERRAFORM_DIRECTORY: operations/environments/internal
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ internal-deploy:
+ name: Internal Application Deploy
+ needs: terraform-deploy
+ uses: ./.github/workflows/deploy_reusable.yml
+ with:
+ ENVIRONMENT: internal
+ REPO: report-stream-sftp-ingest
+ APP: ${{ needs.terraform-deploy.outputs.APP }}
+ REGISTRY: ${{ needs.terraform-deploy.outputs.REGISTRY }}
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
diff --git a/operations/environments/dev/main.tf b/operations/environments/dev/main.tf
index 7e9da1a5..9aba6734 100644
--- a/operations/environments/dev/main.tf
+++ b/operations/environments/dev/main.tf
@@ -27,6 +27,6 @@ provider "azurerm" {
 module "template" {
 source = "../../template/"
 
- environment = "dev"
- deployer_id = "f5feabe7-5d37-40ba-94f2-e5c0760b4561" //github app registration in CDC Azure Entra
+ environment = "dev"
+ deployer_id = "f5feabe7-5d37-40ba-94f2-e5c0760b4561" //github app registration in CDC Azure Entra
 }
diff --git a/operations/environments/internal/main.tf b/operations/environments/internal/main.tf
new file mode 100644
index 00000000..ee037909
--- /dev/null
+++ b/operations/environments/internal/main.tf
@@ -0,0 +1,32 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.103.1"
+ }
+ }
+
+ # Use a remote Terraform state in Azure Storage
+ backend "azurerm" {
+ resource_group_name = "cdcti-terraform"
+ storage_account_name = "cdctiterraform"
+ container_name = "tfstate"
+ key = "rs-sftp-internal.terraform.tfstate"
+ }
+}
+
+# Configure the Microsoft Azure Provider
+provider "azurerm" {
+ features {
+ key_vault {
+ purge_soft_deleted_secrets_on_destroy = false
+ }
+ }
+}
+
+module "template" {
+ source = "../../template/"
+
+ environment = "internal"
+ deployer_id = "d59c2c86-de5e-41b7-a752-0869a73f5a60" //github app registration in Flexion Azure Entra
+}
diff --git a/operations/environments/internal/outputs.tf b/operations/environments/internal/outputs.tf
new file mode 100644
index 00000000..e24968bc
--- /dev/null
+++ b/operations/environments/internal/outputs.tf
@@ -0,0 +1,7 @@
+output "registry" {
+ value = module.template.registry
+}
+
+output "publish_app" {
+ value = module.template.publish_app
+}
diff --git a/operations/environments/stg/main.tf b/operations/environments/stg/main.tf
index 7efc415b..48d1a6c9 100644
--- a/operations/environments/stg/main.tf
+++ b/operations/environments/stg/main.tf
@@ -27,6 +27,6 @@ provider "azurerm" {
 module "template" {
 source = "../../template/"
 
- environment = "stg"
- deployer_id = "f5feabe7-5d37-40ba-94f2-e5c0760b4561" //github app registration in CDC Azure Entra
+ environment = "stg"
+ deployer_id = "f5feabe7-5d37-40ba-94f2-e5c0760b4561" //github app registration in CDC Azure Entra
 }
diff --git a/operations/template/app.tf b/operations/template/app.tf
index 7e04c623..de1b849f 100644
--- a/operations/template/app.tf
+++ b/operations/template/app.tf
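Review bot: The `backend "azurerm"` block sets neither `use_azuread_auth` nor `use_oidc`, so unless the reusable deploy workflow exports the matching `ARM_*` variables (not visible here) the backend authenticates by retrieving the shared access key of `cdctiterraform`, a broader permission than the deployer needs and one that sidesteps per-blob RBAC and auditing. Add `use_azuread_auth = true` and `use_oidc = true` and give the Flexion deployer a data-plane role (Storage Blob Data Contributor) scoped to the state it owns. This environment also appears to share the account and `tfstate` container with the CDC environments (the dev/stg backends are not in this diff), with only `key` separating them; since state files carry secrets, confirm the internal deployer's role assignment is scoped to its own blob rather than the whole container. Minor: the `//` comment on `deployer_id` would read more conventionally as `#`.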
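Review bot: Neither output in the new outputs.tf carries a `description`, so the workflow that maps them to `APP` and `REGISTRY` has nothing to explain what `publish_app` is (an app name, a resource id, a hostname?); add `description = "..."` to each, e.g. `description = "Container registry the application image is pushed to"` on `registry`, and the equivalent on `publish_app` once its meaning is confirmed from the template module.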
@@ -26,7 +26,7 @@ resource "azurerm_linux_web_app" "sftp" {
 https_only = true
- virtual_network_subnet_id = local.cdc_domain_environment ? azurerm_subnet.app.id : null
+ virtual_network_subnet_id = local.cdc_domain_environment ? azurerm_subnet.app.id : null
 site_config {
 scm_use_main_ip_restriction = local.cdc_domain_environment ? true : null