PearlThoughts-Platform · Reena221289 · Nov 24, 2022 · Nov 24, 2022 · Nov 24, 2022 · Nov 24, 2022
diff --git a/.github/workflows/packer.yml → .github/workflows/mypacker.yml b/.github/workflows/packer.yml → .github/workflows/mypacker.yml
@@ -5,6 +5,7 @@ jobs:
   container:
     #needs: [s3deploy]
     runs-on: ubuntu-18.04
+    #runs-on: self-hosted
     container: pearlthoughts/p2p-packer:latest
     steps:
       # - uses: trstringer/manual-approval@v1
@@ -18,7 +19,7 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           #aws_session_token: ${{ secrets.AWS_SESSION_TOKEN}}
-          aws-region: us-east-1
+          aws-region: ap-south-1
       - run: |
           repo_name=${{ github.event.repository.name }}
           git config --global --add safe.directory /__w/$repo_name/$repo_name

diff --git a/.github/workflows/terraforminstance.yml b/.github/workflows/terraforminstance.yml
@@ -0,0 +1,58 @@
+name: 'Terraform'
+on:
+  push:
+    branches:
+      - main
+      - githubaction
+  # pull_request:
+  #     branches:
+  #     - development
+
+env:
+  TF_IN_AUTOMATION: true
+  TF_WORKSPACE: -dev
+  TF_BACKEND_PATH: dev.tfvars
+  TF_VAR_tf_backend_bucket_name: terraform-vpc-state
+
+
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: actions/checkout@v2
+      - name: Configure AWS credential
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: "ap-south-1"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 1.3.2
+          # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Terraform Init
+        id: init 
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan -no-color -input=false 
+        continue-on-error: true
+
+      # - name: Terraform Apply
+      #   run: terraform apply -auto-approve -input=false 
+
+      # - name: Terraform destroy
+      #   run: terraform destroy -auto-approve -input=false 
diff --git a/Ansible/vars.yml b/Ansible/vars.yml
@@ -1,12 +1,12 @@
 project_root_dir: /srv
-region: us-east-1
+region: ap-south-1
 server_name: dev2.snipeit.com
 
 #REPO
 
-repo: https://github.com/PearlThoughts-Platform/Snipe-IT-GitHub-Actions
-repo_branch: devcontainer
-api_project_dir: /srv/Snipe-IT-GitHub-Actions
+repo: https://github.com/Reena221289/githubaction.git
+repo_branch: main
+api_project_dir: /srv/githubaction
 api1_secret_name: smw        ## store the .env values in AWS secret manager as a json key pair values and mention the secret name.
 
 #apache
@@ -52,4 +52,4 @@ php_extensions:
 
 
 host_user: ubuntu
-group_name: deploy
+group_name: deploy
diff --git a/ami.pkr.hcl b/ami.pkr.hcl
@@ -14,17 +14,17 @@ packer {
 
   source "amazon-ebs" "linux" {
     # AMI Settings
-    ami_name                      = "snipeitdev_goldenAMI_${var.build_number}"
-    instance_type                 = "c5.large"
-    source_ami                    = "ami-00978328f54e31526"
+    ami_name                      = "snipeit_snipeITgoldenAMI_${var.build_number}"
+    instance_type                 = "t2.micro"
+    source_ami                    = "ami-062df10d14676e201"
     ssh_username                  = "ubuntu"
     associate_public_ip_address   = false
     ami_virtualization_type       = "hvm"
-    #role_arn                     = "arn:aws:iam::416991812294:role/s3jenkins"           
+    #role_arn                     = "arn:aws:iam::763342761933:role/AWS_SSM_ROLE"           
     #access_key                    = "${var.aws-access-key-id}"
-    #region                       = "us-east-1"
+    #region                       = "ap-south-1"
     #secret_key                    = "${var.aws-secret-access-key}"
-        #role_arn     = "arn:aws:iam::416991812294:role/s3jenkins"
+        #role_arn     = "arn:aws:iam::763342761933:role/AWS_SSM_ROLE"
         #session_name = "SESSION_NAME"
         #external_id  = "EXTERNAL_ID"
     #}
@@ -48,8 +48,8 @@ packer {
     }
 
     # Profile Settings
-    region                        = "us-east-2"
-    ami_regions                   = ["us-east-1"]
+    region                        = "ap-south-1"
+    ami_regions                   = ["ap-south-1"]
   }
 
   build {
@@ -60,4 +60,4 @@ packer {
       playbook_file = "Ansible/main.yml"
       user = "ubuntu"
     }
-  }
+  }
diff --git a/iam_with_least_privilege.json b/iam_with_least_privilege.json
@@ -40,13 +40,12 @@
               "ec2:ModifyInstanceAttribute",
               "ec2:ModifySnapshotAttribute",
               "ec2:RunInstances",
-              "ec2:StopInstances",
               "ec2:TerminateInstances"
           ],
           "Resource": "*",
           "Condition": {
               "StringEquals": {
-                  "aws:RequestedRegion": "us-east-2"
+                  "aws:RequestedRegion": "ap-south-1"
               }
           }
       },
@@ -61,4 +60,4 @@
           ]
       }
   ]
-}
+}
diff --git a/terraform/.github/workflows/main.yml b/terraform/.github/workflows/main.yml
@@ -1,64 +1,70 @@
-# name: "Terraform Deployment"
-# on:
-#   # Manual trigger
-#   workflow_dispatch:
-#   push:
-#     paths:
-#       - '*/**'
-#   pull_request:
-#     branches: [ main ]
-# defaults:
-#   run:
-#     shell: bash
-# jobs:
-#   terraform:
-#     name:   ${{matrix.runner}} - ${{ matrix.environment }}
-#     runs-on: [ '${{ matrix.runner }}']
-#     strategy:
-#       max-parallel: 1
-#       matrix:
-#          include:
-#            - environment: test
-#              runner: ubuntu-latest
-#            - environment: prod
-#              runner: ubuntu-18.04
-#     env:
-#          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-#          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-#          AWS_DEFAULT_REGION: us-east-2
-#     steps:
-#       - uses: actions/checkout@v2
-#       - uses: hashicorp/setup-terraform@v1
-#         with:
-#           terraform_wrapper: false
-#       - name: Terraform Init
-#         id: init
-#         run: |
-#            rm -rf .terraform
-#            terraform init -upgrade=true -no-color -input=false
-#       - name: Terraform Plan
-#         id: plan
-#         run: |
-#           terraform plan -input=false -no-color
-#       - name: Terraform Apply
-#         if: github.ref == 'refs/heads/main'
-#         id: apply
-#         run: terraform apply -auto-approve -input=false 
-#       - name: Terraform destroy
-#         if: github.ref == 'refs/heads/destroy'
-#         id: destroy
-#         run: terraform destroy -auto-approve -input=false 
-#   comment:
-#     runs-on: ubuntu-latest
-#     needs: terraform
-#     if: github.event_name == 'pull_request'
-#     steps:
-#       - uses: actions/github-script@v5
-#         with:
-#           script: |
-#             github.rest.issues.createComment({
-#               issue_number: context.issue.number,
-#               owner: context.repo.owner,
-#               repo: context.repo.repo,
-#               body: '👋 Thanks for reporting!'
-#             })
+name: "Terraform"
+
+on:
+  push:
+    branches:
+      - myterraform
+  pull_request:
+
+jobs:
+  terraform:
+    name: "Terraform"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          # terraform_version: 0.13.0:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.MY_GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply -auto-approve -input=false
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,82 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.26.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.0.1"
+    }
+  }
+  required_version = ">= 1.1.0"
+
+  cloud {
+    organization = "Pearlthoughts"
+
+    workspaces {
+      name = "gitaction"
+    }
+  }
+}
+
+provider "aws" {
+  region = "ap-south-1"
+}
+
+resource "random_pet" "sg" {}
+
+data "aws_ami" "ubuntu" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"] # Canonical
+}
+
+resource "aws_instance" "web" {
+  ami                    = data.aws_ami.ubuntu.id
+  instance_type          = "t2.micro"
+  vpc_security_group_ids = [aws_security_group.web-sg.id]
+
+  user_data = <<-EOF
+              #!/bin/bash
+              sudo apt-get update -y
+              sudo apt install docker.io -y
+              sudo apt install docker-compose -y
+
+              echo
+              git clone https://github.com/Reena221289/Snipe-IT.git snipe-it
+              cd /snipe-it/
+              sudo docker-compose up
+              EOF
+}
+
+resource "aws_security_group" "web-sg" {
+  name = "${random_pet.sg.id}-sg"
+  ingress {
+    from_port   = 0
+    to_port     = 6553
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  // connectivity to ubuntu mirrors is required to run `apt-get update` and `apt-get install apache2`
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+output "web-address" {
+  value = "${aws_instance.web.public_ip}:8000"
+}