diff --git a/.github/workflows/packer.yml b/.github/workflows/mypacker.yml
similarity index 95%
rename from .github/workflows/packer.yml
rename to .github/workflows/mypacker.yml
index ffad9ed..d955173 100644
--- a/.github/workflows/packer.yml
+++ b/.github/workflows/mypacker.yml
@@ -5,6 +5,7 @@ jobs:
 container:
 #needs: [s3deploy]
 runs-on: ubuntu-18.04
+ #runs-on: self-hosted
 container: pearlthoughts/p2p-packer:latest
 steps:
 # - uses: trstringer/manual-approval@v1
@@ -18,7 +19,7 @@ jobs:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 #aws_session_token: ${{ secrets.AWS_SESSION_TOKEN}}
- aws-region: us-east-1
+ aws-region: ap-south-1
 - run: |
 repo_name=${{ github.event.repository.name }}
 git config --global --add safe.directory /__w/$repo_name/$repo_name
diff --git a/.github/workflows/terraforminstance.yml b/.github/workflows/terraforminstance.yml
new file mode 100644
index 0000000..f406b2f
--- /dev/null
+++ b/.github/workflows/terraforminstance.yml
@@ -0,0 +1,58 @@
+name: 'Terraform'
+on:
+ push:
+ branches:
+ - main
+ - githubaction
+ # pull_request:
+ # branches:
+ # - development
+
+env:
+ TF_IN_AUTOMATION: true
+ TF_WORKSPACE: -dev
+ TF_BACKEND_PATH: dev.tfvars
+ TF_VAR_tf_backend_bucket_name: terraform-vpc-state
+
+
+
+jobs:
+ terraform:
+ name: 'Terraform'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - uses: actions/checkout@v2
+ - name: Configure AWS credential
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: "ap-south-1"
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.3.2
+ # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ # - name: Terraform Apply
+ # run: terraform apply -auto-approve -input=false
+
+ # - name: Terraform destroy
+ # run: terraform destroy -auto-approve -input=false
diff --git a/Ansible/vars.yml b/Ansible/vars.yml
index 1fad5cc..ba6ea98 100644
--- a/Ansible/vars.yml
+++ b/Ansible/vars.yml
@@ -1,12 +1,12 @@
 project_root_dir: /srv
-region: us-east-1
+region: ap-south-1
 server_name: dev2.snipeit.com #REPO
-repo: https://github.com/PearlThoughts-Platform/Snipe-IT-GitHub-Actions
-repo_branch: devcontainer
-api_project_dir: /srv/Snipe-IT-GitHub-Actions
+repo: https://github.com/Reena221289/githubaction.git
+repo_branch: main
+api_project_dir: /srv/githubaction
 api1_secret_name: smw ## store the .env values in AWS secret manager as a json key pair values and mention the secret name. #apache
@@ -52,4 +52,4 @@ php_extensions:
 host_user: ubuntu
-group_name: deploy
\ No newline at end of file
+group_name: deploy
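Review bot: The `Terraform Plan` step sets `continue-on-error: true` but nothing reads `steps.plan.outcome` afterwards, so a failed plan still leaves the run green on every push to `main`/`githubaction`; either drop that line or gate on it the way terraform/.github/workflows/main.yml in this same commit does (`- name: Terraform Plan Status` / `if: steps.plan.outcome == 'failure'` / `run: exit 1`). The job also checks out twice (`actions/checkout@v3` then `actions/checkout@v2`); the second re-fetches the workspace, so one of them should go. `TF_WORKSPACE: -dev` appears to select a workspace literally named `-dev` (likely a typo for `dev`), and `TF_BACKEND_PATH`/`TF_VAR_tf_backend_bucket_name` are never passed to `terraform init -backend-config=...`, so they are dead until wired in. Long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets could be replaced by OIDC (`role-to-assume` on `aws-actions/configure-aws-credentials` plus a top-level `permissions: id-token: write`), which also gives the workflow an explicit, minimal token scope.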
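Review bot: `repo`/`repo_branch` now point the AMI bake at the moving `main` of a personal repository (`https://github.com/Reena221289/githubaction.git`), so anything pushed there lands in the golden image with no pin and no review; prefer a release tag or commit SHA (e.g. `repo_branch: "<release tag or sha>"`) or at least an org-owned repository with branch protection. Quoting the value also keeps a future tag such as `1.10` from being parsed as a float by the YAML loader.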
diff --git a/ami.pkr.hcl b/ami.pkr.hcl
index 50e1a02..b158b71 100644
--- a/ami.pkr.hcl
+++ b/ami.pkr.hcl
@@ -14,17 +14,17 @@ packer {
 source "amazon-ebs" "linux" { # AMI Settings
- ami_name = "snipeitdev_goldenAMI_${var.build_number}"
- instance_type = "c5.large"
- source_ami = "ami-00978328f54e31526"
+ ami_name = "snipeit_snipeITgoldenAMI_${var.build_number}"
+ instance_type = "t2.micro"
+ source_ami = "ami-062df10d14676e201"
 ssh_username = "ubuntu" associate_public_ip_address = false ami_virtualization_type = "hvm"
- #role_arn = "arn:aws:iam::416991812294:role/s3jenkins"
+ #role_arn = "arn:aws:iam::763342761933:role/AWS_SSM_ROLE"
 #access_key = "${var.aws-access-key-id}"
- #region = "us-east-1"
+ #region = "ap-south-1"
 #secret_key = "${var.aws-secret-access-key}"
- #role_arn = "arn:aws:iam::416991812294:role/s3jenkins"
+ #role_arn = "arn:aws:iam::763342761933:role/AWS_SSM_ROLE"
 #session_name = "SESSION_NAME" #external_id = "EXTERNAL_ID" #}
@@ -48,8 +48,8 @@ packer {
 } # Profile Settings
- region = "us-east-2"
- ami_regions = ["us-east-1"]
+ region = "ap-south-1"
+ ami_regions = ["ap-south-1"]
 } build {
@@ -60,4 +60,4 @@ packer {
 playbook_file = "Ansible/main.yml"
 user = "ubuntu"
 }
- }
\ No newline at end of file
+ }
diff --git a/iam_with_least_privilege.json b/iam_with_least_privilege.json
index 402a205..b48797c 100644
--- a/iam_with_least_privilege.json
+++ b/iam_with_least_privilege.json
@@ -40,13 +40,12 @@
 "ec2:ModifyInstanceAttribute",
 "ec2:ModifySnapshotAttribute",
 "ec2:RunInstances",
- "ec2:StopInstances",
 "ec2:TerminateInstances"
 ],
 "Resource": "*",
 "Condition": {
 "StringEquals": {
- "aws:RequestedRegion": "us-east-2"
+ "aws:RequestedRegion": "ap-south-1"
 }
 }
 },
@@ -61,4 +60,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/terraform/.github/workflows/main.yml b/terraform/.github/workflows/main.yml
index 2c7cdfd..0a2aa75 100644
--- a/terraform/.github/workflows/main.yml
+++ b/terraform/.github/workflows/main.yml
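Review bot: `source_ami = "ami-062df10d14676e201"` is a bare AMI ID with no owner constraint, so the bake trusts whatever that ID resolves to in ap-south-1 and has to be re-discovered by hand on every region move like this one. Packer's `source_ami_filter` with an explicit `owners` list (terraform/main.tf in this commit already filters on Canonical's `099720109477`) pins provenance and picks up patched images automatically; adjust the name pattern to the image family you actually bake from. The commented `role_arn`/`region` lines are inert and could simply be deleted rather than kept up to date. The `source` block continues past this hunk.
```hcl
source "amazon-ebs" "linux" {
  # AMI Settings
  ami_name      = "snipeit_snipeITgoldenAMI_${var.build_number}"
  instance_type = "t2.micro"
  # Resolve the base image by owner + name instead of a bare ID so a
  # look-alike public AMI cannot be substituted and the region can change.
  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
      virtualization-type = "hvm"
      root-device-type    = "ebs"
    }
    owners      = ["099720109477"] # Canonical
    most_recent = true
  }
  # … unchanged: ssh_username, associate_public_ip_address, ami_virtualization_type …
```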
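Review bot: Dropping `"ec2:StopInstances",` from this statement is likely to break the Packer amazon-ebs build the same commit reconfigures: that builder stops the build instance before `CreateImage` unless `disable_stop_instance` is set in ami.pkr.hcl, and the visible hunks of that file do not set it. Either keep `"ec2:StopInstances",` in the action list or set `disable_stop_instance = true` and have the Ansible provisioner shut the instance down itself. The `aws:RequestedRegion` condition now matches the new Packer `region` and `ami_regions`, so nothing else in the policy needs to follow the region move; `"Resource": "*"` on `RunInstances`/`TerminateInstances` is pre-existing and could be narrowed with tag conditions in a follow-up.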
@@ -1,64 +1,70 @@
-# name: "Terraform Deployment"
-# on:
-# # Manual trigger
-# workflow_dispatch:
-# push:
-# paths:
-# - '*/**'
-# pull_request:
-# branches: [ main ]
-# defaults:
-# run:
-# shell: bash
-# jobs:
-# terraform:
-# name: ${{matrix.runner}} - ${{ matrix.environment }}
-# runs-on: [ '${{ matrix.runner }}']
-# strategy:
-# max-parallel: 1
-# matrix:
-# include:
-# - environment: test
-# runner: ubuntu-latest
-# - environment: prod
-# runner: ubuntu-18.04
-# env:
-# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-# AWS_DEFAULT_REGION: us-east-2
-# steps:
-# - uses: actions/checkout@v2
-# - uses: hashicorp/setup-terraform@v1
-# with:
-# terraform_wrapper: false
-# - name: Terraform Init
-# id: init
-# run: |
-# rm -rf .terraform
-# terraform init -upgrade=true -no-color -input=false
-# - name: Terraform Plan
-# id: plan
-# run: |
-# terraform plan -input=false -no-color
-# - name: Terraform Apply
-# if: github.ref == 'refs/heads/main'
-# id: apply
-# run: terraform apply -auto-approve -input=false
-# - name: Terraform destroy
-# if: github.ref == 'refs/heads/destroy'
-# id: destroy
-# run: terraform destroy -auto-approve -input=false
-# comment:
-# runs-on: ubuntu-latest
-# needs: terraform
-# if: github.event_name == 'pull_request'
-# steps:
-# - uses: actions/github-script@v5
-# with:
-# script: |
-# github.rest.issues.createComment({
-# issue_number: context.issue.number,
-# owner: context.repo.owner,
-# repo: context.repo.repo,
-# body: '👋 Thanks for reporting!'
-# })
\ No newline at end of file
+name: "Terraform"
+
+on:
+ push:
+ branches:
+ - myterraform
+ pull_request:
+
+jobs:
+ terraform:
+ name: "Terraform"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ # terraform_version: 0.13.0:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Terraform Format
+ id: fmt
+ run: terraform fmt -check
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.MY_GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+ #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan + \`\`\`\n + ${process.env.PLAN} + \`\`\` +
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..039fc2e
--- /dev/null
+++ b/terraform/main.tf
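Review bot: `github-token: ${{ secrets.MY_GITHUB_TOKEN }}` hands the PR-comment step a personal access token whose reach is whatever its owner granted, whereas the built-in `${{ secrets.GITHUB_TOKEN }}` plus a top-level `permissions:` block (`contents: read`, `pull-requests: write`) is enough for `issues.createComment` and expires with the job. The `Terraform Apply` step is unreachable as written: `on.push.branches` lists only `myterraform`, while the step requires `github.ref == 'refs/heads/main'`, so one of the two is wrong — and once it does fire it applies with `-auto-approve` straight from a push with no approval gate, so consider attaching an `environment:` with required reviewers to the apply. `terraform init` on `pull_request` uses the Terraform Cloud token from `TF_API_TOKEN`, which is fine for same-repo PRs (fork PRs receive no secrets) but means any collaborator push can exercise that token. Minor: the `<details>` markup around the plan appears to have been lost in this rendering, so verify the committed script still wraps `${process.env.PLAN}` correctly.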
@@ -0,0 +1,82 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "3.26.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.0.1"
+ }
+ }
+ required_version = ">= 1.1.0"
+
+ cloud {
+ organization = "Pearlthoughts"
+
+ workspaces {
+ name = "gitaction"
+ }
+ }
+}
+
+provider "aws" {
+ region = "ap-south-1"
+}
+
+resource "random_pet" "sg" {}
+
+data "aws_ami" "ubuntu" {
+ most_recent = true
+
+ filter {
+ name = "name"
+ values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ owners = ["099720109477"] # Canonical
+}
+
+resource "aws_instance" "web" {
+ ami = data.aws_ami.ubuntu.id
+ instance_type = "t2.micro"
+ vpc_security_group_ids = [aws_security_group.web-sg.id]
+
+ user_data = <<-EOF
+ #!/bin/bash
+ sudo apt-get update -y
+ sudo apt install docker.io -y
+ sudo apt install docker-compose -y
+
+ echo
+ git clone https://github.com/Reena221289/Snipe-IT.git snipe-it
+ cd /snipe-it/
+ sudo docker-compose up
+ EOF
+}
+
+resource "aws_security_group" "web-sg" {
+ name = "${random_pet.sg.id}-sg"
+ ingress {
+ from_port = 0
+ to_port = 6553
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ // connectivity to ubuntu mirrors is required to run `apt-get update` and `apt-get install apache2`
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+output "web-address" {
+ value = "${aws_instance.web.public_ip}:8000"
+}
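Review bot: The `web-sg` ingress rule (`from_port = 0`, `to_port = 6553`, `cidr_blocks = ["0.0.0.0/0"]`) opens TCP ports 0–6553 to the whole internet — SSH, the Docker daemon port and anything the compose stack binds — while the only port the `web-address` output advertises is 8000; restrict it to the ports actually served. The instance sets no `metadata_options`, so IMDSv1 stays enabled and an SSRF in the web app could read instance-role credentials. `user_data` clones an unpinned `main` of a personal repository and runs `sudo docker-compose up` in the foreground, which blocks cloud-init until the stack exits; `git clone ... snipe-it` also lands in the script's working directory, which is not guaranteed to be `/`, so `cd /snipe-it/` may fail silently — pin a ref, clone to an absolute path, use `-d`, and fail fast with `set -euo pipefail`.
```hcl
resource "aws_instance" "web" {
  # … unchanged: ami, instance_type, vpc_security_group_ids …

  # IMDSv2 only: an SSRF in the app cannot read instance-role credentials.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Runs as root under cloud-init, so no sudo is needed.
  user_data = <<-EOF
    #!/bin/bash
    set -euo pipefail
    apt-get update -y
    apt-get install -y docker.io docker-compose
    # Pin the application to a reviewed release and use an absolute path.
    git clone --branch "<release tag>" --depth 1 https://github.com/Reena221289/Snipe-IT.git /opt/snipe-it
    cd /opt/snipe-it
    docker-compose up -d
  EOF
}

resource "aws_security_group" "web-sg" {
  name = "${random_pet.sg.id}-sg"
  # Only the application port is reachable from the internet.
  ingress {
    from_port   = 8000
    to_port     = 8000
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  // … unchanged: egress …
}
```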