From f3892b52ecb4d6039413aa39c4ea6ded62da3215 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 29 Jan 2024 21:33:50 +0000
Subject: [PATCH] Bootstrap a terraform
---
 .env.example | 2 ++
 .gitea/workflows/ci.yml | 23 +++++++++++++++++++++++
 .gitignore | 5 +++--
 README.md | 3 +--
 justfile | 16 ++++++++++++++++
 src/.terraform.lock.hcl | 2 ++
 src/providers.tf | 0
 src/terraform.tf | 19 +++++++++++++++++++
 src/variables.tf | 0
 9 files changed, 66 insertions(+), 4 deletions(-)
 create mode 100644 .env.example
 create mode 100644 .gitea/workflows/ci.yml
 create mode 100644 justfile
 create mode 100644 src/.terraform.lock.hcl
 create mode 100644 src/providers.tf
 create mode 100644 src/terraform.tf
 create mode 100644 src/variables.tf
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..57c51ca
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,2 @@
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..81dab0a
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,23 @@
+on:
+ push:
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ - uses: taiki-e/install-action@just
+ - name: Init
+ run: just terraform init
+ - name: Lint
+ run: just terraform-lint
+ - name: Plan
+ run: just terraform plan -out=tf.plan
+ - name: Apply
+ if: ${{ github.ref == 'refs/heads/master' }}
+ run: just terraform apply -auto-approve tf.plan
diff --git a/.gitignore b/.gitignore
index a9e8a0c..c0679ba 100644
--- a/.gitignore
+++ b/.gitignore
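Review bot: The job-level `env:` block in `.gitea/workflows/ci.yml` hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to every step, including the third-party actions `hashicorp/setup-terraform@v3` and `taiki-e/install-action@just`, both referenced by a mutable ref. Moving the `env:` block onto the Init, Plan and Apply steps and pinning each `uses:` to a full commit SHA, e.g. `uses: taiki-e/install-action@<commit-sha>  # just`, limits what a changed upstream ref can read. `on: push` has no branch filter, so Init and Plan run with the same credentials for every pushed branch; only Apply is gated on `refs/heads/master`. A short comment above the Apply step stating that master pushes are applied without approval would document that intent.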
@@ -11,8 +11,8 @@ crash.log
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -34,3 +34,4 @@ override.tf.json
 .terraformrc
 terraform.rc
+.env
diff --git a/README.md b/README.md
index 5517ee0..92b42d4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1 @@
-# terraform-template
-
+# Terraform Template
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..a17463a
--- /dev/null
+++ b/justfile
@@ -0,0 +1,16 @@
+# Run terraform with required environment
+terraform +ARGS:
+ #!/usr/bin/env bash
+
+ # Load secrets from env file (if it exists)
+ set -a
+ source ./.env || true
+ set +a
+
+ cd src/
+
+ terraform {{ ARGS }}
+
+terraform-lint:
+ just terraform validate
+ just terraform fmt -check -recursive
diff --git a/src/.terraform.lock.hcl b/src/.terraform.lock.hcl
new file mode 100644
index 0000000..6e7e533
--- /dev/null
+++ b/src/.terraform.lock.hcl
@@ -0,0 +1,2 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
diff --git a/src/providers.tf b/src/providers.tf
new file mode 100644
index 0000000..e69de29
diff --git a/src/terraform.tf b/src/terraform.tf
new file mode 100644
index 0000000..65a889d
--- /dev/null
+++ b/src/terraform.tf
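Review bot: The bash script in the justfile's `terraform` recipe never enables `set -e`, so if `cd src/` fails, `terraform {{ ARGS }}` still runs from the repository root with the credentials exported from `.env`. Adding `set -euo pipefail` directly under the shebang stops the recipe at the first failing command. `source ./.env || true` also swallows a syntax error inside `.env` and prints an error when the file is absent; `[ -f ./.env ] && source ./.env` matches the "if it exists" comment more closely. `{{ ARGS }}` is substituted as text before bash parses the script, so a comment noting that arguments are re-parsed by the shell would help the next reader.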
@@ -0,0 +1,19 @@
+terraform {
+ backend "s3" {
+ bucket = "terraform-template"
+ key = "terraform.tfstate"
+ region = "main"
+
+ endpoints = {
+ s3 = "https://s3.jakehoward.tech"
+ }
+
+ skip_region_validation = true
+ skip_requesting_account_id = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ use_path_style = true
+ }
+
+ required_providers {}
+}
diff --git a/src/variables.tf b/src/variables.tf
new file mode 100644
index 0000000..e69de29
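Review bot: The `backend "s3"` block in `src/terraform.tf` configures no state locking, and the workflow added in this commit runs `terraform apply -auto-approve` on every push to master, so two overlapping runs could write `terraform.tfstate` at the same time. Whether the S3-compatible endpoint offers a usable lock mechanism is not visible here, so at minimum the CI job should be serialised. The `terraform` block also has no `required_version`, although `endpoints` and `use_path_style` need Terraform 1.6 or later as far as I know, and `hashicorp/setup-terraform@v3` is given no `terraform_version`; adding `required_version = ">= 1.6.0"` makes an older CLI fail with a clear message. State can contain resource secrets in plain text, so a comment above `bucket` noting that access to it must be restricted would be worth adding.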