CDCgov · halprin · May 17, 2024 · May 17, 2024 · May 17, 2024 · May 17, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -39,6 +39,10 @@ jobs:
       - name: Go Fmt
         run: make formatCheck
 
+      - name: Terraform Formatting
+        working-directory: operations
+        run: terraform fmt -recursive -check
+
   securityScanAnalyze:
     name: CodeQL Security Scan
     uses: ./.github/workflows/codeql_reusable.yml

diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml
@@ -0,0 +1,34 @@
+name: Deploy to Dev Environment
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+jobs:
+
+  terraform-deploy:
+    name: Dev Infrastructure Deploy
+    uses: ./.github/workflows/terraform-deploy_reusable.yml
+    with:
+      ENVIRONMENT: dev
+      TERRAFORM_DIRECTORY: operations/environments/dev
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CDC_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_CDC_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_CDC_DMZ_C1_SUBSCRIPTION_ID }}
+
+  dev-deploy:
+    name: Dev Application Deploy
+    needs: terraform-deploy
+    uses: ./.github/workflows/deploy_reusable.yml
+    with:
+      ENVIRONMENT: dev
+      REPO: report-stream-sftp-ingest
+      APP: ${{ needs.terraform-deploy.outputs.APP }}
+      REGISTRY: ${{ needs.terraform-deploy.outputs.REGISTRY }}
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CDC_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_CDC_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_CDC_DMZ_C1_SUBSCRIPTION_ID }}
diff --git a/.github/workflows/internal-deploy.yml b/.github/workflows/internal-deploy.yml
@@ -0,0 +1,34 @@
+name: Deploy to Internal Environment
+
+on:
+  push:
+    branches:
+      - internal
+  workflow_dispatch:
+
+jobs:
+
+  terraform-deploy:
+    name: Internal Infrastructure Deploy
+    uses: ./.github/workflows/terraform-deploy_reusable.yml
+    with:
+      ENVIRONMENT: internal
+      TERRAFORM_DIRECTORY: operations/environments/internal
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+  internal-deploy:
+    name: Internal Application Deploy
+    needs: terraform-deploy
+    uses: ./.github/workflows/deploy_reusable.yml
+    with:
+      ENVIRONMENT: internal
+      REPO: report-stream-sftp-ingest
+      APP: ${{ needs.terraform-deploy.outputs.APP }}
+      REGISTRY: ${{ needs.terraform-deploy.outputs.REGISTRY }}
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
diff --git a/operations/environments/dev/main.tf b/operations/environments/dev/main.tf
@@ -27,6 +27,6 @@ provider "azurerm" {
 module "template" {
   source = "../../template/"
 
-  environment          = "dev"
-  deployer_id          = "f5feabe7-5d37-40ba-94f2-e5c0760b4561"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 //github app registration in CDC Azure Entra
+  environment = "dev"
+  deployer_id = "f5feabe7-5d37-40ba-94f2-e5c0760b4561" //github app registration in CDC Azure Entra
 }
diff --git a/operations/environments/internal/main.tf b/operations/environments/internal/main.tf
@@ -0,0 +1,32 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.103.1"
+    }
+  }
+
+  # Use a remote Terraform state in Azure Storage
+  backend "azurerm" {
+    resource_group_name  = "cdcti-terraform"
+    storage_account_name = "cdctiterraform"
+    container_name       = "tfstate"
+    key                  = "rs-sftp-internal.terraform.tfstate"
+  }
+}
+
+# Configure the Microsoft Azure Provider
+provider "azurerm" {
+  features {
+    key_vault {
+      purge_soft_deleted_secrets_on_destroy = false
+    }
+  }
+}
+
+module "template" {
+  source = "../../template/"
+
+  environment = "internal"
+  deployer_id = "d59c2c86-de5e-41b7-a752-0869a73f5a60" //github app registration in Flexion Azure Entra
+}
diff --git a/operations/environments/internal/outputs.tf b/operations/environments/internal/outputs.tf
@@ -0,0 +1,7 @@
+output "registry" {
+  value = module.template.registry
+}
+
+output "publish_app" {
+  value = module.template.publish_app
+}
diff --git a/operations/environments/stg/main.tf b/operations/environments/stg/main.tf
@@ -27,6 +27,6 @@ provider "azurerm" {
 module "template" {
   source = "../../template/"
 
-  environment          = "stg"
-  deployer_id          = "f5feabe7-5d37-40ba-94f2-e5c0760b4561"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 //github app registration in CDC Azure Entra
+  environment = "stg"
+  deployer_id = "f5feabe7-5d37-40ba-94f2-e5c0760b4561" //github app registration in CDC Azure Entra
 }
diff --git a/operations/template/app.tf b/operations/template/app.tf
@@ -26,7 +26,7 @@ resource "azurerm_linux_web_app" "sftp" {
 
   https_only = true
 
-   virtual_network_subnet_id = local.cdc_domain_environment ? azurerm_subnet.app.id : null
+  virtual_network_subnet_id = local.cdc_domain_environment ? azurerm_subnet.app.id : null
 
   site_config {
     scm_use_main_ip_restriction = local.cdc_domain_environment ? true : null