diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..1ab564d7
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,41 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the main branch
+ push:
+ branches: [ ucs-template ]
+ pull_request:
+ branches: [ ucs-template ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+ branches: [ ucs-template ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v2
+
+ # Runs a single command using the runners shell
+ - name: Run a one-line script
+ run: echo Hello, world!
+
+ # Runs a set of commands using the runners shell
+ - name: Run integrated tests
+ run: |
+ echo Add other actions to build,
+ echo test, and deploy your project.
+ cd build
+ cd tests
+ sh run.sh
+ cat report.xml
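Review bot: The workflow has no `permissions:` block, so the job's GITHUB_TOKEN keeps the repository's default scopes although the steps only read the checkout; a top-level `permissions:` with `contents: read` would narrow it. `actions/checkout@v2` is referenced by a movable tag, and pinning it to a full commit SHA keeps the action's code from changing underneath the workflow. In the last step, `cat report.xml` is skipped when `sh run.sh` exits non-zero, assuming the default fail-fast shell, and that is the run where the report is needed. Printing the report first and then propagating the status, e.g. `sh run.sh || rc=$?` followed by `cat report.xml` and `exit ${rc:-0}`, covers both outcomes.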
diff --git a/.github/workflows/deploy_eks.yml b/.github/workflows/deploy_eks.yml
index f56863a5..65a8f3b4 100644
--- a/.github/workflows/deploy_eks.yml
+++ b/.github/workflows/deploy_eks.yml
@@ -23,30 +23,42 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- - name: Setup EKS via Terraform
+ # Set up current working directory with the repo contents
+ - uses: actions/checkout@v2
+
+ # Determine contents of working directory
+ - name: Display contents of working directory
+ run: ls -al
+
+
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
# terraform_version: 0.13.0
cli_config_credentials_token: ${{ secrets.TERRAFORM_CLOUD_TOKEN }}
-
## Check Terraform formatting
- name: Terraform Format
+ working-directory: ./terraform-unity
id: fmt
run: terraform fmt -check
## Init terraform
- name: Terraform Init
+ working-directory: ./terraform-unity
id: init
run: terraform init
## Validate Terraform
- name: Terraform Validate
+ working-directory: ./terraform-unity
id: validate
run: terraform validate -no-color
## Plan Terraform
- name: Terraform Plan
+ working-directory: ./terraform-unity
id: plan
run: terraform plan -no-color
continue-on-error: true
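Review bot: The comment added above `Setup Terraform` (`# Checks-out your repository under $GITHUB_WORKSPACE, ...`) describes the checkout step rather than this one and will mislead the next reader. Something like `# Install the Terraform CLI and configure the Terraform Cloud API token` matches what the step does. The new `actions/checkout@v2` reference is a movable tag in a job that is handed `secrets.TERRAFORM_CLOUD_TOKEN`, so pinning it (and `hashicorp/setup-terraform@v1`) to a full commit SHA is worth doing here. The `ls -al` step looks like debugging output and could be dropped once the working-directory layout is settled. The steps list continues beyond this hunk.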
@@ -57,5 +69,6 @@ jobs:
run: exit 1
- name: Terraform Apply
+ working-directory: ./terraform-unity
# if: github.ref == 'refs/heads/smolenski_tf_test' && github.event_name == 'push'
run: terraform apply -auto-approve
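Review bot: `terraform apply -auto-approve` runs on every execution of this job because the `if:` guard above it is commented out, and it re-plans instead of applying the plan the earlier `Terraform Plan` step printed. Where the backend supports saved plans, `terraform plan -no-color -out=tfplan` followed by `terraform apply tfplan` keeps the applied change identical to the one that was shown. Restoring a branch/event condition on the step limits when it can fire. The same unguarded step is added as new code in the `Terraform Apply` step of deployment.yml. The workflow's triggers are outside this hunk, so how often this fires cannot be judged from here.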
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index a4e35c5f..9e0a9b8b 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -5,19 +5,36 @@ name: CI Deployment
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the main branch
- push:
- branches: [ ucs-template ]
- pull_request:
- branches: [ ucs-template ]
+ # push:
+ # branches: [ ucs-template ]
+ # pull_request:
+ # branches: [ ucs-template ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
branches: [ ucs-template ]
+ inputs:
+ sourceRepository:
+ description: 'Repository Source'
+ required: true
+ type: choice
+ default: 'unity-sds/unity-cs-sps-demo'
+ options:
+ - unity-sds/unity-cs-sps-demo
+ sourceBranch:
+ description: 'Repository Branch'
+ required: true
+ type: choice
+ default: 'smolenski_tf_test_mcp'
+ options:
+ - smolenski_tf_test_mcp
+ - smolenski_tf_test_jpl_aws
+
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
- # This workflow contains a single job called "build"
- build:
+ # This workflow contains a single job called "deployment"
+ deployment:
# The type of runner that the job will run on
runs-on: ubuntu-latest
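Review bot: The new `sourceRepository` and `sourceBranch` choice lists are the only thing deciding whose Terraform and smoke-test code this workflow runs with the Terraform Cloud token, and nothing in the file says so. A comment above `inputs:` would make that visible to whoever extends the lists, e.g. `# Allow-list of repositories/branches this workflow may deploy; adding an option needs the same review as the deploy steps.` The same inputs are added to teardown.yml and deserve the same comment. The branch options are mutable refs, so the run deploys whatever the branch head is at dispatch time; if that is intended, it is worth stating in the input `description`. The commented-out `push`/`pull_request` triggers leave the header comment describing events that no longer apply, and deleting them would be cleaner than keeping them commented.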
@@ -28,15 +45,114 @@ jobs:
# Runs a single command using the runners shell
- name: Run a one-line script
- run: echo Hello, world!
+ run: ls -al
+
+ # Checks-out the repo to deploy
+ # While cloning the repository:
+ # - it clones the repo into the given `path`
+ # - it checks out the branch defined at `ref`
+ - name: Clone the service repository for deployment
+ uses: actions/checkout@v2
+ with:
+ repository: ${{ github.event.inputs.sourceRepository }}
+ path: resources/deployable
+ ref: ${{ github.event.inputs.sourceBranch }}
+
+ # Runs a single command using the runners shell
+ - name: Run a one-line script
+ run: ls -al resources/deployable
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ # terraform_version: 0.13.0
+ cli_config_credentials_token: ${{ secrets.TERRAFORM_CLOUD_TOKEN }}
+
+
+ ## Verify that the Terraform directory exists in the remote repo
+ - name: Check for Terraform Directory
+ id: terraform_directory
+ uses: andstor/file-existence-action@v1
+ with:
+ files: "./resources/deployable/terraform-unity"
+ - name: Terraform Directory Exists
+ if: steps.terraform_directory.outputs.files_exists != 'true'
+ run: exit 1
+
+ ## Check Terraform formatting
+ - name: Terraform Format
+ working-directory: ./resources/deployable/terraform-unity
+ id: fmt
+ run: terraform fmt -check
+
+ ## Init terraform
+ - name: Terraform Init
+ working-directory: ./resources/deployable/terraform-unity
+ id: init
+ run: terraform init
+
+ ## Validate Terraform
+ - name: Terraform Validate
+ working-directory: ./resources/deployable/terraform-unity
+ id: validate
+ run: terraform validate -no-color
+
+ ## Plan Terraform
+ - name: Terraform Plan
+ working-directory: ./resources/deployable/terraform-unity
+ id: plan
+ run: terraform plan -no-color
+ continue-on-error: true
+
+ ## Fail the job if terraform plan doesn't succeed
+ - name: Terraform Plan Status
+ working-directory: ./resources/deployable/terraform-unity
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ working-directory: ./resources/deployable/terraform-unity
+# if: github.ref == 'refs/heads/smolenski_tf_test' && github.event_name == 'push'
+ run: terraform apply -auto-approve
+
+
+ ## Verify that the smoke test exists
+ - name: Check for Smoke Tests
+ id: smoke_test_file
+ uses: andstor/file-existence-action@v1
+ with:
+ files: "./resources/deployable/smoketest/smoketest.py"
+ - name: Smoke Test Exists
+ if: steps.smoke_test_file.outputs.files_exists != 'true'
+ run: exit 1
+
+
+ - name: Post-Deployment Smoke Test
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+ architecture: 'x64'
+ - run: |
+ cd ./resources/deployable/smoketest
+ pip install -r requirements.txt
+ python3 smoketest.py
+
+ # - name: Negative Smoke Test Check
+ # run: |
+ # cd ./resources/deployable/smoketest
+ # sh smokefail.sh
+
+
# Runs a set of commands using the runners shell
- - name: Run integrated tests
- run: |
- echo Add other actions to build,
- echo test, and deploy your project.
- cd build
- cd tests
- sh run.sh
- cat report.xml
-
+# - name: Only run this if the test running script exists
+# run: '(test -f build/tests/run.sh && sh build/tests/run.sh && cat build/tests/report.xml) || echo No test script, skipping step'
+
+ # Run terraform scripts
+# - name: Run terraform scripts in a docker container
+# run: docker run --rm --privileged aptman/qus -s -- -p
+
+# - name: build
+# uses: docker://hashicorp/terraform:latest
+# with:
+# args: make
\ No newline at end of file
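Review bot: The smoke-test step (`pip install -r requirements.txt`, `python3 smoketest.py`) and the two `andstor/file-existence-action@v1` steps run in the same job after `hashicorp/setup-terraform@v1` has been given `secrets.TERRAFORM_CLOUD_TOKEN`. That action stores the token in the runner's Terraform CLI configuration, so code from the deployed repository, its Python dependencies and a tag-pinned third-party action all execute where the credential is readable. Moving the smoke test into its own job that never receives the token, and pinning third-party actions to commit SHAs, removes that exposure; the sketch below assumes the smoke test needs nothing from the Terraform job's workspace. In the current layout the name `Post-Deployment Smoke Test` is attached to `actions/setup-python@v2` while the step that runs the test is unnamed, and `Terraform Directory Exists` names the step that fails when the directory is missing.

```yaml
  # … unchanged: deployment job through "Terraform Apply" …

  smoke-test:
    needs: deployment
    runs-on: ubuntu-latest
    steps:
      - name: Clone the service repository for smoke testing
        uses: actions/checkout@v2
        with:
          repository: ${{ github.event.inputs.sourceRepository }}
          path: resources/deployable
          ref: ${{ github.event.inputs.sourceBranch }}

      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'

      - name: Post-Deployment Smoke Test
        working-directory: ./resources/deployable/smoketest
        run: |
          pip install -r requirements.txt
          python3 smoketest.py
```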
diff --git a/.github/workflows/teardown.yml b/.github/workflows/teardown.yml
index c5358219..5a01b45b 100644
--- a/.github/workflows/teardown.yml
+++ b/.github/workflows/teardown.yml
@@ -7,6 +7,22 @@ on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
branches: [ ucs-template ]
+ inputs:
+ sourceRepository:
+ description: 'Repository Source'
+ required: true
+ type: choice
+ default: 'unity-sds/unity-cs-sps-demo'
+ options:
+ - unity-sds/unity-cs-sps-demo
+ sourceBranch:
+ description: 'Repository Branch'
+ required: true
+ type: choice
+ default: 'smolenski_tf_test_mcp'
+ options:
+ - smolenski_tf_test_mcp
+ - smolenski_tf_test_jpl_aws
# These steps will tear down a unity project using the provided terraform scripts
jobs:
@@ -25,9 +41,9 @@ jobs:
- name: Clone the service repository for deployment
uses: actions/checkout@v2
with:
- repository: unity-sds/unity-cs-sps-demo
+ repository: ${{ github.event.inputs.sourceRepository }}
path: resources/deployable
- ref: smolenski_tf_test
+ ref: ${{ github.event.inputs.sourceBranch }}
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index b1dd1699..e5b149e0 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,40 +2,59 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
- version = "3.71.0"
- constraints = "~> 3.27"
+ version = "3.74.3"
+ constraints = "~> 3.27, >= 3.72.0"
hashes = [
- "h1:wnTd0krep3mqRz650U7TSv/tCkA0LoXKe0QFlnsg/7Q=",
- "zh:173134d8861a33ed60a48942ad2b96b9d06e85c506d7f927bead47a28f4ebdd2",
- "zh:2996c8e96930f526f1761e99d14c0b18d83e287b1362aa2fa1444cf848ece613",
- "zh:43903da1e0a809a1fb5832e957dbe2321b86630d6bfdd8b47728647a72fd912d",
- "zh:43e71fd8924e7f7b56a0b2a82e29edf07c53c2b41ee7bb442a2f1c27e03e86ae",
- "zh:4f4c73711f64a3ff85f88bf6b2594e5431d996b7a59041ff6cbc352f069fc122",
- "zh:5045241b8695ffbd0730bdcd91393b10ffd0cfbeaad6254036e42ead6687d8fd",
- "zh:6a8811a0fb1035c09aebf1f9b15295523a9a7a2627fd783f50c6168a82e192dd",
- "zh:8d273c04d7a8c36d4366329adf041c480a0f1be10a7269269c88413300aebdb8",
- "zh:b90505897ae4943a74de2b88b6a9e7d97bf6dc325a0222235996580edff28656",
- "zh:ea5e422942ac6fc958229d27d4381c89d21d70c5c2c67a6c06ff357bcded76f6",
- "zh:f1536d7ff2d3bfd668e3ac33d8956b4f988f87fdfdcc371c7d94b98d5dba53e2",
+ "h1:h4TYqgRKTuuWfZtxJnEGcs/NxGCaxZ4jr0IwTfgZDRM=",
+ "zh:25401cd4667d0496caf7e92e74ecef7c98cf74465570705cda2207770c27ff6c",
+ "zh:2d154527a9b2585f72fc5eceac635257e3f50f68de8a519e71c795d5166a0a22",
+ "zh:499fa5201804a5a33a90d683147fb2f81da91bfcd8ed20293f88f6f39cedbf97",
+ "zh:730284250fd949a59afb6935b3a68a33709d5a78b686fa98f351ad32c919cfc3",
+ "zh:7461ebd6fb35900d620cfa3f42126d988ea1e604ee3828d1c64d5727f908bd26",
+ "zh:7c85743b31c7459f8e74aaa98471ba82c54517eb908603411808a12982d89b1c",
+ "zh:8ed977b7fb97de624f5414b08cab36fd973a624072e0e9082c0c822e0864c7b9",
+ "zh:94ae7313bb0b425d4007a0b70601a337972c4f0f7a323487acf69215e74b4425",
+ "zh:b5a1589672d709da725a72c46d28bf5b2dea71325f6e0b44a0049f644cd09eba",
+ "zh:c7e8e7ce59e4578416557fc2f138137af3c8365ac3e34f0ff5166323c7d641a1",
+ "zh:ccf2e286b207e749fff76bb4075deddb9e7e237936d8654f34828c54e7035455",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/cloudinit" {
+ version = "2.2.0"
+ constraints = ">= 2.0.0"
+ hashes = [
+ "h1:tQLNREqesrdCQ/bIJnl0+yUK+XfdWzAG0wo4lp10LvM=",
+ "zh:76825122171f9ea2287fd27e23e80a7eb482f6491a4f41a096d77b666896ee96",
+ "zh:795a36dee548e30ca9c9d474af9ad6d29290e0a9816154ad38d55381cd0ab12d",
+ "zh:9200f02cb917fb99e44b40a68936fd60d338e4d30a718b7e2e48024a795a61b9",
+ "zh:a33cf255dc670c20678063aa84218e2c1b7a67d557f480d8ec0f68bc428ed472",
+ "zh:ba3c1b2cd0879286c1f531862c027ec04783ece81de67c9a3b97076f1ce7f58f",
+ "zh:bd575456394428a1a02191d2e46af0c00e41fd4f28cfe117d57b6aeb5154a0fb",
+ "zh:c68dd1db83d8437c36c92dc3fc11d71ced9def3483dd28c45f8640cfcd59de9a",
+ "zh:cbfe34a90852ed03cc074601527bb580a648127255c08589bc3ef4bf4f2e7e0c",
+ "zh:d6ffd7398c6d1f359b96f5b757e77b99b339fbb91df1b96ac974fe71bc87695c",
+ "zh:d9c15285f847d7a52df59e044184fb3ba1b7679fd0386291ed183782683d9517",
+ "zh:f7dd02f6d36844da23c9a27bb084503812c29c1aec4aba97237fec16860fdc8c",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" {
- version = "2.7.1"
+ version = "2.8.0"
constraints = ">= 2.0.1"
hashes = [
- "h1:Df9MZxqgXueXVObeAiPPDQ5aLwQ2bJ2r1gul/IYSxeg=",
- "zh:0da320fd81ece6696f7cceda35e459ee97cae8955088af38fc7f2feab1dce924",
- "zh:37d304b8b992518c9c12e8f10437b9d4a0cc5a823c9421ac794ad2347c4d1122",
- "zh:3d4e12fb9588c3b2e782d392fea758c6982e5d653154bec951e949155bcbc169",
- "zh:6bb32b8d5cccf3e3ae7c124ed27df76dc7653ca760c132addeee15272630c930",
- "zh:94775153b90e285876fc17261e8f5338a1ff732f4133336cc68754acb74570b6",
- "zh:a665d1336765cdf8620a8797fd4e7e3cecf789e96e59ba80634336a4390df377",
- "zh:aa8b35e9958cb89f01c115e8866a07d5468fb53f1c227d673e94f7ee8fb76242",
- "zh:b7a571336387d773a74ed6eefa3843ff78d3662f2745c99c95008002a1341662",
- "zh:c50d661782175d50ea4952fe943b0e4a3e33c27aa69e5ff21b3cbfa513e90d0a",
- "zh:e0999b349cc772c75876adbc2a13b5dc256d3ecd7e4aa91baee5fdfcecaa7465",
- "zh:e1399aec06a7aa98e9b0f64b4281697247f338a8a40b79f5f6ebfd43bf4ce1e2",
+ "h1:UZCCMTH49ziz6YDV5oCCoOHypOxZWvzc59IfZxVdWeI=",
+ "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be",
+ "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927",
+ "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5",
+ "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405",
+ "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d",
+ "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f",
+ "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b",
+ "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9",
+ "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb",
+ "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4",
+ "zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8",
]
}
@@ -95,3 +114,22 @@ provider "registry.terraform.io/hashicorp/random" {
"zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
]
}
+
+provider "registry.terraform.io/hashicorp/tls" {
+ version = "3.1.0"
+ constraints = ">= 2.2.0"
+ hashes = [
+ "h1:fUJX8Zxx38e2kBln+zWr1Tl41X+OuiE++REjrEyiOM4=",
+ "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6",
+ "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2",
+ "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e",
+ "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca",
+ "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698",
+ "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d",
+ "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841",
+ "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989",
+ "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5",
+ "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d",
+ "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0",
+ ]
+}
diff --git a/README.md b/README.md
index 834104cc..6823d273 100644
--- a/README.md
+++ b/README.md
@@ -10,3 +10,65 @@ Framework code which allows for configuration of an AWS environment necessary to
This repo also houses the GitHub actions (push-button for now) that can trigger builds, tests, etc..
+
+## What is Unity CS?
+
+Unity CS is a framework of common components for the Unity project. These components include (but are not limited to):
+* Software deployment workflows
+* Smoke Test workflows
+* Environment teardown workflows
+* Software build workflows
+
+The goal of Unity CS is to remove much of the hassle of build and deploy work
+from developers and implement it in an automated manner that is both
+transparent and executes seamlessly.
+
+## What does Unity Leverage to complete it's goals?
+tools
+standardized file locations
+
+How to prepare a repository for use in Unity
+In order to prepare a repository for automated builds and deployments certain
+standardized paths and filenames must be utilized so that Unity knows where
+to find them.
+
+### Automated Builds
+Automated builds rely on a common build entry point such as a build.sh script
+and a set of credentials plus a destination for publishing. These credentials
+are stored in environment variables for security and accessed at runtime.
+
+### Unit Testing
+TBD
+
+### Automated Deployments
+Deployments are handled through Terraform. Terraform scripts are stored in the
+terraform-unity directory in a repositorys root directory. At deployment time
+the terraform scripts are validated and
+
+```
+.
+└── terraform-unity
+ ├── main.tf
+ ├── networking.tf
+ └── variables.tf
+```
+
+
+### Smoke Testing
+Smoke tests are a simple test to validate a successful deployment. While they
+may not test all the functionality of a system, they should be comprehensive
+enough to fail if the deployment has failed.
+
+In order for Unity to find the smoke tests, they must live in the smoketest
+directory. Currently python smoktetests are supported, but additional formats
+will be supported in the future.
+```
+.
+└── smoketest
+ └── smoketest.py
+```
+
+### Teardown
+Teardowns are managed in the same way as deployments, through Terraform. The
+teardown workflow is supplied by Unity and requires no additional files in the
+target repository as long as the terraform-unity directory is set up correctly.
\ No newline at end of file
diff --git a/build/README.md b/build/README.md
new file mode 100644
index 00000000..a7c3c005
--- /dev/null
+++ b/build/README.md
@@ -0,0 +1,5 @@
+# unity-common-services
+unity-common-services
+
+This is a basic framework for deploying a product environment via terraform scripts into AWS
+
diff --git a/build/deploy/deploy.sh b/build/deploy/deploy.sh
new file mode 100644
index 00000000..63492dce
--- /dev/null
+++ b/build/deploy/deploy.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+## Command line utility for deploying terraform scripts to AWS
+
diff --git a/build/docs/README.md b/build/docs/README.md
new file mode 100644
index 00000000..c49e22a8
--- /dev/null
+++ b/build/docs/README.md
@@ -0,0 +1,18 @@
+# Unity Commom Services Deployment Workflow
+
+1. Retrieve Deployment Catalog
+ Deployments will be triggerd manually or by updates to the Deployment Catalog. The Catalog must include changes to the infrastructure as well as a list of artifacts and destinations.
+
+1. Apply Configuration Values
+ Before executing any deployment scripts the sensitive values will be applied to the infrastructure scripts and any system configuration files that need api keys or other configurations in place to run properly.
+
+ These values should be kept somewhere secure like Ansible Vault.
+
+1. Run Infrastructure Scripts (Terraform)
+ These scripts will set up our infrastructure inside of our deployment environment (in this case AWS)
+
+1. Deploy Artifacts to Infrastructure
+ The list of Artifacts can include code, docker containers, static files, anything that is not a part of the infrastructure configuration.
+
+1. Test Deployment
+ At the bare minimum, there should be a smoke test included that will check for a successful deployment of the system
\ No newline at end of file
diff --git a/build/report.xml b/build/report.xml
new file mode 100644
index 00000000..e78bb616
--- /dev/null
+++ b/build/report.xml
@@ -0,0 +1,15 @@
+
+
+
+
+
+ tests directory does not exist
+
+
+ terraform directory does not exist
+
+
+ terraform/tfvars directory does not exist
+
+
+
diff --git a/build/terraform/main.tf b/build/terraform/main.tf
new file mode 100644
index 00000000..85c2dddf
--- /dev/null
+++ b/build/terraform/main.tf
@@ -0,0 +1,42 @@
+# configure the S3 backend for storing state. This allows different
+# team members to control and update terraform state.
+terraform {
+ backend "s3" {
+ # This must be updated for each unique deployment/stage!
+ # should be of the form services/APP_NAME/STAGE/terraform.tfstate
+ # We can't use variables in the key name here, so we need to be extra
+ # careful with this!
+ key = "services/unity-common-services/terraform.tfstate"
+ region = "us-west-2"
+ }
+}
+
+provider "aws" {
+ region = "us-west-2"
+ shared_credentials_file = var.credentials
+ profile = var.profile
+
+ ignore_tags {
+ key_prefixes = ["unity-cs-mcp"]
+ }
+}
+
+data "aws_caller_identity" "current" {}
+
+locals {
+ name = var.app_name
+ environment = var.stage
+
+ # This is the convention we use to know what belongs to each other
+ ec2_resources_name = terraform.workspace == "default" ? "svc-${local.name}-${local.environment}" : "svc-${local.name}-${local.environment}-${terraform.workspace}"
+
+ # Account ID used for getting the ECR host
+ account_id = data.aws_caller_identity.current.account_id
+
+ default_tags = length(var.default_tags) == 0 ? {
+ application: local.ec2_resources_name,
+ Environment = var.stage
+ Version = var.docker_tag
+ } : var.default_tags
+}
+
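Review bot: The `backend "s3"` block sets neither `encrypt = true` nor a `dynamodb_table`, so unless both arrive through `-backend-config` the state file, which can contain secrets, is written without requested server-side encryption and without locking. That matters because the header comment says several team members update this state. `bucket` is also absent, so `terraform init` depends on external configuration that the header comment should mention. Separately, `var.credentials`, `var.profile`, `var.app_name`, `var.stage`, `var.default_tags` and `var.docker_tag` are not declared in any file this commit adds under build/terraform. The `default_tags` object mixes `application:` with `=`; using `=` throughout would be consistent.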
diff --git a/build/terraform/tfvars/sit.tfvars b/build/terraform/tfvars/sit.tfvars
new file mode 100644
index 00000000..fce80442
--- /dev/null
+++ b/build/terraform/tfvars/sit.tfvars
@@ -0,0 +1,21 @@
+
+# stage: dev, sandbox, sit, uat, ops
+stage = "sit"
+
+# SIT VPC
+vpc_id = "vpc-"
+
+# SIT VPC Security Group
+aws_vpc_default_security_group_id = ["sg-"]
+
+# subnet_ids
+private_subnets = ["subnet-","subnet-"]
+
+# The ID of the EFS to mount the services on.
+efs_id = "fs-"
+
+# EFS subnet 1
+private_subnet_1 = "subnet-"
+
+# EFS subnet 2
+private_subnet_2 = "subnet-"
diff --git a/build/tests/report.xml b/build/tests/report.xml
new file mode 100644
index 00000000..b886c8fc
--- /dev/null
+++ b/build/tests/report.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/build/tests/run.sh b/build/tests/run.sh
new file mode 100644
index 00000000..a7f99e3f
--- /dev/null
+++ b/build/tests/run.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+OUTPUT_FILE=report.xml
+TEST_SUITE_STATUS=PASS
+
+
+echo "" >$OUTPUT_FILE
+echo " " >>$OUTPUT_FILE
+echo " " >>$OUTPUT_FILE
+echo " " >>$OUTPUT_FILE
+
+
+TEST_DIR_NAME='tests'
+echo " " >>$OUTPUT_FILE
+if [ ! -d "../${TEST_DIR_NAME}" ]; then
+ echo " ${TEST_DIR_NAME} directory does not exist" >>$OUTPUT_FILE
+ TEST_SUITE_STATUS=FAIL
+fi
+echo " " >>$OUTPUT_FILE
+
+
+TEST_DIR_NAME='terraform'
+echo " " >>$OUTPUT_FILE
+if [ ! -d "../${TEST_DIR_NAME}" ]; then
+ echo " ${TEST_DIR_NAME} directory does not exist" >>$OUTPUT_FILE
+ TEST_SUITE_STATUS=FAIL
+fi
+echo " " >>$OUTPUT_FILE
+
+
+TEST_DIR_NAME='terraform/tfvars'
+echo " " >>$OUTPUT_FILE
+if [ ! -d "../${TEST_DIR_NAME}" ]; then
+ echo " ${TEST_DIR_NAME} directory does not exist" >>$OUTPUT_FILE
+ TEST_SUITE_STATUS=FAIL
+fi
+echo " " >>$OUTPUT_FILE
+
+
+
+echo " " >>$OUTPUT_FILE
+echo "" >>$OUTPUT_FILE
+
+
+if [ "$TEST_SUITE_STATUS" = "FAIL" ]
+then
+ exit 1
+fi
+
+exit
+
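Review bot: Every check tests `../${TEST_DIR_NAME}` relative to the caller's working directory, so the result depends on where the script is started. The committed build/report.xml records all three directories as missing, which is what a run from `build/` rather than `build/tests/` would produce. Anchoring the script to its own location near the top, e.g. `cd "$(dirname "$0")" || exit 1`, makes the checks independent of the caller. `$OUTPUT_FILE` is unquoted in every redirection; `>>"$OUTPUT_FILE"` is the safer habit even with a fixed name. The three near-identical check stanzas would read better as one small function taking the directory name.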
diff --git a/security.tf b/security.tf
deleted file mode 100644
index 86fbc8f1..00000000
--- a/security.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-resource "aws_security_group" "ingress-all-test" {
- name = "allow-all-sg"
- vpc_id = "${aws_vpc.unity-infra-env.id}"
- ingress {
- cidr_blocks = [
- "0.0.0.0/0"
- ]
- from_port = 22
- to_port = 22
- protocol = "tcp"
-}
-
-// Terraform removes the default rule
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
diff --git a/subnets.tf b/subnets.tf
deleted file mode 100644
index b5be79e8..00000000
--- a/subnets.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-resource "aws_subnet" "subnet-uno" {
- cidr_block = "${cidrsubnet(aws_vpc.unity-infra-env.cidr_block, 3, 1)}"
- vpc_id = "${aws_vpc.unity-infra-env.id}"
- availability_zone = "us-east-1a"
-}
-
-resource "aws_route_table" "route-table-infra-env" {
- vpc_id = "${aws_vpc.unity-infra-env.id}"
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = "${aws_internet_gateway.infra-env-gw.id}"
- }
- tags = {
- Name = "infra-env-route-table"
- }
-}
-
-resource "aws_route_table_association" "subnet-association" {
- subnet_id = "${aws_subnet.subnet-uno.id}"
- route_table_id = "${aws_route_table.route-table-infra-env.id}"
-}
diff --git a/terraform-unity/eks.tf b/terraform-unity/eks.tf
new file mode 100644
index 00000000..9c735c57
--- /dev/null
+++ b/terraform-unity/eks.tf
@@ -0,0 +1,155 @@
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+
+ cluster_name = "unity-eks-cluster"
+ cluster_version = "1.21"
+ cluster_endpoint_private_access = true
+ cluster_endpoint_public_access = true
+
+ cluster_addons = {
+ coredns = {
+ resolve_conflicts = "OVERWRITE"
+ }
+ kube-proxy = {}
+ vpc-cni = {
+ resolve_conflicts = "OVERWRITE"
+ }
+ }
+
+ cluster_encryption_config = [{
+ provider_key_arn = aws_kms_key.eks.arn
+ resources = ["secrets"]
+ }]
+
+ vpc_id = ""
+ subnet_ids = []
+
+ # Self Managed Node Group(s)
+ /* self_managed_node_group_defaults = {
+ instance_type = "m6i.large"
+ update_launch_template_default_version = true
+ iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
+ }
+
+ self_managed_node_groups = {
+ one = {
+ name = "spot-1"
+
+ public_ip = true
+ max_size = 5
+ desired_size = 2
+
+ use_mixed_instances_policy = true
+ mixed_instances_policy = {
+ instances_distribution = {
+ on_demand_base_capacity = 0
+ on_demand_percentage_above_base_capacity = 10
+ spot_allocation_strategy = "capacity-optimized"
+ }
+
+ override = [
+ {
+ instance_type = "m5.large"
+ weighted_capacity = "1"
+ },
+ {
+ instance_type = "m6i.large"
+ weighted_capacity = "2"
+ },
+ ]
+ }
+
+ pre_bootstrap_user_data = <<-EOT
+ echo "foo"
+ export FOO=bar
+ EOT
+
+ bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'"
+
+ post_bootstrap_user_data = <<-EOT
+ cd /tmp
+ sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
+ sudo systemctl enable amazon-ssm-agent
+ sudo systemctl start amazon-ssm-agent
+ EOT
+ }
+ }*/
+
+ # EKS Managed Node Group(s)
+ /* eks_managed_node_group_defaults = {
+ ami_type = "AL2_x86_64"
+ disk_size = 50
+ instance_types = ["m6i.large", "m5.large", "m5n.large", "m5zn.large"]
+ vpc_security_group_ids = [aws_security_group.additional.id]
+ }
+
+ eks_managed_node_groups = {
+ blue = {}
+ green = {
+ min_size = 1
+ max_size = 10
+ desired_size = 1
+
+ instance_types = ["t3.large"]
+ capacity_type = "SPOT"
+ labels = {
+ Environment = "test"
+ GithubRepo = "terraform-aws-eks"
+ GithubOrg = "terraform-aws-modules"
+ }
+ taints = {
+ dedicated = {
+ key = "dedicated"
+ value = "gpuGroup"
+ effect = "NO_SCHEDULE"
+ }
+ }
+ tags = {
+ ExtraTag = "example"
+ }
+ }
+ }*/
+
+ # Fargate Profile(s)
+ fargate_profiles = {
+ default = {
+ name = "default"
+ selectors = [
+ {
+ namespace = "kube-system"
+ labels = {
+ k8s-app = "kube-dns"
+ }
+ },
+ {
+ namespace = "default"
+ }
+ ]
+
+ tags = {
+ Owner = "test"
+ }
+
+ timeouts = {
+ create = "20m"
+ delete = "20m"
+ }
+ }
+ }
+
+ tags = {
+ Environment = "dev"
+ Terraform = "true"
+ }
+}
+
+resource "aws_kms_key" "eks" {
+ description = "EKS Secret Encryption Key"
+ deletion_window_in_days = 7
+ enable_key_rotation = true
+
+ tags = {
+ Environment = "dev"
+ Terraform = "true"
+ }
+}
\ No newline at end of file
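Review bot: `cluster_endpoint_public_access = true` is set without `cluster_endpoint_public_access_cidrs`, which as far as I know leaves the Kubernetes API endpoint reachable from any source address. Either restrict it with `cluster_endpoint_public_access_cidrs = [<admin CIDRs>]` or turn public access off, since private access is already enabled. The `module "eks"` block has no `version`, and the provider lock file does not cover modules, so `terraform init` takes whatever release of `terraform-aws-modules/eks/aws` is current; add `version = "<pinned version>"`. `vpc_id = ""` and `subnet_ids = []` look like placeholders that will not apply as written, and a comment saying where the real values come from would help. The large commented-out node-group examples could be removed rather than carried in the file.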
diff --git a/gateway.tf b/terraform-unity/gateway.tf
similarity index 68%
rename from gateway.tf
rename to terraform-unity/gateway.tf
index b0137146..68d8805d 100644
--- a/gateway.tf
+++ b/terraform-unity/gateway.tf
@@ -1,5 +1,5 @@
resource "aws_internet_gateway" "infra-env-gw" {
- vpc_id = "${aws_vpc.unity-infra-env.id}"
+ vpc_id = aws_vpc.unity-infra-env.id
tags = {
Name = "infra-env-gw"
}
diff --git a/main.tf b/terraform-unity/main.tf
similarity index 81%
rename from main.tf
rename to terraform-unity/main.tf
index ba8ffd35..7865bfa9 100644
--- a/main.tf
+++ b/terraform-unity/main.tf
@@ -26,7 +26,7 @@ terraform {
}
required_version = ">= 0.14.9"
- backend "s3" {
+ backend "s3" {
bucket = "unity-cs-infra"
key = "build/state"
region = "us-east-1"
@@ -38,28 +38,28 @@ provider "aws" {
}
resource "aws_vpc" "unity-infra-env" {
- cidr_block = "10.0.0.0/16"
+ cidr_block = "10.0.0.0/16"
enable_dns_hostnames = true
- enable_dns_support = true
+ enable_dns_support = true
tags = {
Name = "unity-infra-env"
}
}
resource "aws_eip" "ip-infra-env" {
- instance = "${aws_instance.unity-ec2-instance.id}"
+ instance = aws_instance.unity-ec2-instance.id
vpc = true
}
resource "aws_instance" "unity-ec2-instance" {
- ami = "${var.ami_id}"
+ ami = var.ami_id
instance_type = "t3.xlarge"
- key_name = "${var.ami_key_pair_name}"
+ key_name = var.ami_key_pair_name
#security_groups = ["${aws_security_group.ingress-all-test.id}"]
vpc_security_group_ids = [aws_security_group.ingress-all-test.id]
tags = {
Name = "${var.ami_name}"
}
- subnet_id = "${aws_subnet.subnet-uno.id}"
+ subnet_id = aws_subnet.subnet-uno.id
}
diff --git a/terraform-unity/security.tf b/terraform-unity/security.tf
new file mode 100644
index 00000000..9de34c4e
--- /dev/null
+++ b/terraform-unity/security.tf
@@ -0,0 +1,21 @@
+resource "aws_security_group" "ingress-all-test" {
+ name = "allow-all-sg"
+ vpc_id = aws_vpc.unity-infra-env.id
+ ingress {
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ }
+
+ // Terraform removes the default rule
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
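Review bot: The ingress rule opens TCP 22 to `0.0.0.0/0` on the group that main.tf attaches to `unity-ec2-instance`, which also receives an Elastic IP, so SSH on that host is reachable from the whole internet. Limit the rule to known admin ranges, e.g. `cidr_blocks = var.ssh_allowed_cidrs` with a new list variable (the name is a suggestion, not something in the repo), or drop the rule and use SSM Session Manager for access. The group name `allow-all-sg` should change with it. A `description` on the group and on the rule would record why the port is open.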
diff --git a/terraform-unity/subnets.tf b/terraform-unity/subnets.tf
new file mode 100644
index 00000000..75815c5b
--- /dev/null
+++ b/terraform-unity/subnets.tf
@@ -0,0 +1,21 @@
+resource "aws_subnet" "subnet-uno" {
+ cidr_block = cidrsubnet(aws_vpc.unity-infra-env.cidr_block, 3, 1)
+ vpc_id = aws_vpc.unity-infra-env.id
+ availability_zone = "us-east-1a"
+}
+
+resource "aws_route_table" "route-table-infra-env" {
+ vpc_id = aws_vpc.unity-infra-env.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.infra-env-gw.id
+ }
+ tags = {
+ Name = "infra-env-route-table"
+ }
+}
+
+resource "aws_route_table_association" "subnet-association" {
+ subnet_id = aws_subnet.subnet-uno.id
+ route_table_id = aws_route_table.route-table-infra-env.id
+}
diff --git a/terraform-unity/variables.tf b/terraform-unity/variables.tf
new file mode 100644
index 00000000..9491dc59
--- /dev/null
+++ b/terraform-unity/variables.tf
@@ -0,0 +1,3 @@
+variable "ami_name" { default = "unity-github-runner" }
+variable "ami_id" { default = "ami-04505e74c0741db8d" }
+variable "ami_key_pair_name" { default = "barber-unity-pair" }
diff --git a/variables.tf b/variables.tf
deleted file mode 100644
index 76a34aa2..00000000
--- a/variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-variable "ami_name" {default = "unity-github-runner"}
-variable "ami_id" {default = "ami-04505e74c0741db8d"}
-variable "ami_key_pair_name" {default = "barber-unity-pair"}