Initial development (#1)

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -0,0 +1,18 @@
+# Dependabot
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
+
+version: 2.0
+updates:
+  - package-ecosystem: github-actions
+
+    # NOTE: The "/" here is for checking for workflow files in .github/workflows
+
+    directory: /
+    schedule:
+      interval: daily
+
+  - package-ecosystem: terraform
+    directories:
+      - "**/*"
+    schedule:
+      interval: daily

.github/workflows/add-to-projects.yml

@@ -0,0 +1,21 @@
+name: Add To GitHub Projects
+
+on:
+  issues:
+    types:
+      - opened
+  pull_request:
+    types:
+      - opened
+
+permissions:
+  issues: write
+
+jobs:
+  add-to-osinfra-project:
+    name: Open Source Infrastructure (as Code)
+    uses: osinfra-io/github-misc-called-workflows/.github/workflows/[email protected]
+    with:
+     project_id: 1
+    secrets:
+     add_to_project_pem: ${{ secrets.ADD_TO_PROJECT_PEM }}

.github/workflows/dependabot.yml

@@ -0,0 +1,13 @@
+name: Dependabot Approve and Merge
+
+on: pull_request_target
+
+permissions:
+  contents: read
+
+jobs:
+  dependabot:
+    name: Dependabot
+    uses: osinfra-io/github-misc-called-workflows/.github/workflows/[email protected]
+    secrets:
+      pr_approve_and_merge_pem: ${{ secrets.PR_APPROVE_AND_MERGE_PEM }}

.github/workflows/sandbox-destroy.yml

@@ -0,0 +1,31 @@
+name: Sandbox Destroy
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  us_east1_b:
+    name: "Sandbox Regional: us-east1-b"
+    uses: osinfra-io/github-terraform-gcp-called-workflows/.github/workflows/[email protected]
+    if: github.actor != 'dependabot[bot]'
+    with:
+      checkout_ref: ${{ github.ref }}
+      environment: us-east1-b-sandbox
+      github_environment: "Sandbox: Regional - us-east1-b"
+      service_account: plt-backstage-github@plt-lz-terraform-tf00-sb.iam.gserviceaccount.com
+      terraform_plan_args: -destroy -var-file=tfvars/us-east1-b-sandbox.tfvars -var=backstage_version=${{ github.sha }}
+      terraform_state_bucket: plt-backstage-4312-sb
+      terraform_version: ${{ vars.TERRAFORM_VERSION }}
+      terraform_workspace: us-east1-b-sandbox
+      working_directory: deployments/regional
+      workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
+    secrets:
+      gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      infracost_api_key: ${{ secrets.INFRACOST_API_KEY }}
+      terraform_plan_secret_args: >-
+        -var=datadog_api_key=${{ secrets.DATADOG_API_KEY }}
+        -var=datadog_app_key=${{ secrets.DATADOG_APP_KEY }}

.github/workflows/sandbox.yml

@@ -0,0 +1,147 @@
+name: Sandbox
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+    paths-ignore:
+      - "**.md"
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build_and_push:
+    name: Build and push
+    runs-on: ubuntu-latest
+
+    steps:
+      # GitHub - Checkout
+      # https://github.com/marketplace/actions/checkout
+
+      - name: Checkout
+        uses: actions/[email protected]
+
+      # Setup Node
+      # https://github.com/marketplace/actions/setup-node-js-environment
+
+      - name: Setup Node
+        uses: actions/[email protected]
+        with:
+          node-version: 20.x
+
+      - name: Yarn install
+        working-directory: app
+        run: |
+          yarn install --immutable
+          yarn tsc
+          yarn build:backend
+
+      # Google Cloud Platform - Create Credentials
+      # https://github.com/marketplace/actions/authenticate-to-google-cloud
+
+      - name: Create credentials
+        id: create_credentials
+        uses: google-github-actions/[email protected]
+        with:
+          token_format: access_token
+          service_account: plt-backstage-github@plt-lz-terraform-tf00-sb.iam.gserviceaccount.com
+          workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
+          access_token_lifetime: 300s
+
+      # Docker Buildx
+      # https://github.com/marketplace/actions/docker-setup-buildx
+
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
+
+      # Docker Login
+      # https://github.com/marketplace/actions/docker-login
+
+      - name: Login to Google Artifact Registry
+        uses: docker/[email protected]
+        with:
+          registry: us-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.create_credentials.outputs.access_token }}
+
+
+      # Build and Push Docker to Google Artifact Registry
+      # https://github.com/marketplace/actions/build-and-push-docker-images
+
+      - name: Build and push to Google Artifact Registry
+        uses: docker/[email protected]
+        with:
+          tags: us-docker.pkg.dev/plt-lz-services-tf7f-sb/plt-docker-standard/backstage:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          context: ./app
+          file: ./app/packages/backend/Dockerfile
+          build-args: |
+            DD_GIT_REPOSITORY_URL=https://github.com/${{ github.repository }}
+            DD_GIT_COMMIT_SHA=${{ github.sha }}
+          push: true
+
+  main:
+    name: "Main"
+    uses: osinfra-io/github-terraform-gcp-called-workflows/.github/workflows/[email protected]
+    if: github.actor != 'dependabot[bot]'
+    needs: build_and_push
+    with:
+      checkout_ref: ${{ github.ref }}
+      environment: sandbox
+      github_environment: "Sandbox: Main"
+      service_account: plt-backstage-github@plt-lz-terraform-tf00-sb.iam.gserviceaccount.com
+      terraform_plan_args: -var-file=tfvars/sandbox.tfvars
+      terraform_state_bucket: plt-backstage-4312-sb
+      terraform_version: ${{ vars.TERRAFORM_VERSION }}
+      terraform_workspace: main-sandbox
+      working_directory: deployments
+      workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
+    secrets:
+      gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      infracost_api_key: ${{ secrets.INFRACOST_API_KEY }}
+      terraform_plan_secret_args: >-
+        -var=datadog_api_key=${{ secrets.DATADOG_API_KEY }}
+        -var=datadog_app_key=${{ secrets.DATADOG_APP_KEY }}
+
+  us_east1_b:
+    name: "Sandbox Regional: us-east1-b"
+    uses: osinfra-io/github-terraform-gcp-called-workflows/.github/workflows/[email protected]
+    if: github.actor != 'dependabot[bot]'
+    needs: main
+    with:
+      checkout_ref: ${{ github.ref }}
+      environment: us-east1-b-sandbox
+      github_environment: "Sandbox: Regional - us-east1-b"
+      service_account: plt-backstage-github@plt-lz-terraform-tf00-sb.iam.gserviceaccount.com
+      terraform_plan_args: -var-file=tfvars/us-east1-b-sandbox.tfvars -var=backstage_version=${{ github.sha }}
+      terraform_state_bucket: plt-backstage-4312-sb
+      terraform_version: ${{ vars.TERRAFORM_VERSION }}
+      terraform_workspace: us-east1-b-sandbox
+      working_directory: deployments/regional
+      workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
+    secrets:
+      gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      infracost_api_key: ${{ secrets.INFRACOST_API_KEY }}
+      terraform_plan_secret_args: >-
+        -var=datadog_api_key=${{ secrets.DATADOG_API_KEY }}
+        -var=datadog_app_key=${{ secrets.DATADOG_APP_KEY }}
+
+  datadog_synthetic_tests:
+    name: "Sandbox: Datadog synthetic tests"
+    runs-on: ubuntu-latest
+    needs: us_east1_b
+    steps:
+
+      # Datadog Synthetics CI
+      # https://github.com/marketplace/actions/datadog-synthetics-ci
+
+      - name: Run Datadog synthetic tests
+        uses: datadog/[email protected]
+        with:
+          api_key: ${{ secrets.DATADOG_API_KEY }}
+          app_key: ${{ secrets.DATADOG_APP_KEY }}
+          fail_on_critical_errors: true
+          test_search_query: "env:sandbox service:backstage team:platform-backstage state:live"

.gitignore

@@ -0,0 +1,43 @@
+# .gitignore
+# https://docs.github.com/en/get-started/getting-started-with-git/ignoring-files
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Datadog Static Analysis
+static-analysis.datadog.yml
+
+# Ignore any local.tfvars. Most .tfvars files are managed as part of configuration and so should
+# be included in version control.
+local.tfvars
+
+# Ignore override files as they are usually used to override ressources locally
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore plan output files
+plan.out
+
+# Ignore checkov directories and files
+.external_modules
+
+# Ignore Infracost directories and files
+.infracost
+
+# Other Files
+*.log
+*.bak
+*.swp
+*.tmp
+*.gz
+*.tgz
+*.tar

.pre-commit-config.yaml

@@ -0,0 +1,43 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-symlinks
+
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.96.3
+    hooks:
+      - id: terraform_fmt
+
+      # To speed up local validation add the following to your ~/.zshrc:
+      # export TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache
+
+      - id: terraform_validate
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
+          - --tf-init-args=-upgrade
+
+      # Always run after terraform_validate
+
+      - id: terraform_docs
+        args:
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--create-file-if-not-exist=false
+
+  - repo: https://github.com/bridgecrewio/checkov.git
+    rev: 3.2.344
+    hooks:
+      - id: checkov
+        files: Dockerfile
+        verbose: true
+        args:
+          - --download-external-modules=true
+          - --skip-check
+          - "CKV_TF_1"
+          - --quiet

README.md

@@ -0,0 +1,46 @@
+# <img align="left" width="45" height="45" src="https://github.com/osinfra-io/backstage/assets/1610100/9a2afb97-282d-4050-83c5-2e41925e4dc6"> Backstage
+
+**[GitHub Actions](https://github.com/osinfra-io/backstage/actions):**
+
+[![Dependabot](https://github.com/osinfra-io/backstage/actions/workflows/dependabot.yml/badge.svg)](https://github.com/osinfra-io/backstage/actions/workflows/dependabot.yml)
+
+**[Infracost](https://www.infracost.io):**
+
+[![infracost](https://img.shields.io/endpoint?url=https://dashboard.api.infracost.io/shields/json/cbeecfe3-576f-4553-984c-e451a575ee47/repos/19dee006-53a6-4007-be23-d2e44617e789/branch/95a827e0-1914-470d-8faf-78413ec29595)](https://dashboard.infracost.io/org/osinfra-io/repos/19dee006-53a6-4007-be23-d2e44617e789?tab=settings)
+
+## 📄 Repository Description
+
+This repository manages Backstage resources.
+
+## 🏭 Platform Information
+
+- Documentation: [docs.osinfra.io](https://docs.osinfra.io/product-guides/backstage)
+- Service Interfaces: [github.com](https://github.com/osinfra-io/backstage/issues/new/choose)
+
+## <img align="left" width="35" height="35" src="https://github.com/osinfra-io/github-organization-management/assets/1610100/39d6ae3b-ccc2-42db-92f1-276a5bc54e65"> Development
+
+Our focus is on the core fundamental practice of platform engineering, Infrastructure as Code.
+
+>Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - [Open Source Infrastructure (as Code)](https://www.osinfra.io)
+
+To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.
+
+See the documentation for setting up a development environment [here](https://docs.osinfra.io/fundamentals/development-setup).
+
+### 🛠️ Tools
+
+- [infracost](https://github.com/infracost/infracost)
+- [pre-commit](https://github.com/pre-commit/pre-commit)
+- [pre-commit-terraform](https://github.com/antonbabenko/pre-commit-terraform)
+- [terraform-docs](https://github.com/terraform-docs/terraform-docs)
+
+### 📋 Skills and Knowledge
+
+Links to documentation and other resources required to develop and iterate in this repository successfully.
+
+- [backstage](https://backstage.io/docs)
+
+### 📓 Terraform Documentation
+
+- [main](deployments/README.md)
+- [regional](deployments/regionl/README.md)

app/.dockerignore

@@ -0,0 +1,8 @@
+.git
+.yarn/cache
+.yarn/install-state.gz
+node_modules
+packages/*/src
+packages/*/node_modules
+plugins
+*.local.yaml

app/.eslintignore

@@ -0,0 +1 @@
+playwright.config.ts

app/.eslintrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+  root: true,
+};