Merge pull request #1 from pangolin-do-golang/feature/infra

Add infra

Author: pcbarreto

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,12 @@
+## Why
+<!-- Describe the context of the change here. Why are you creating or changing this resource? What application will be impacted? -->
+
+## Pull request type
+- [ ] New resource
+- [ ] Update resource
+- [ ] Bugfix
+- [ ] Other (please describe):
+
+## Rollback plan
+- [ ] Revert this PR
+- [ ] Other (please, specify):

.github/workflows/Develop.yml

@@ -0,0 +1,87 @@
+name: "Terraform Developer"
+
+on:
+  push:
+    branches:
+    - develop
+    paths:
+    - terraform/**
+  pull_request:
+    branches:
+    - develop
+    paths:
+    - terraform/**
+
+env:
+  WORKSPACE: "dev"
+  aws-region: "us-east-1"
+  destroy: false
+
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+
+jobs:
+  InfraDev:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./terraform
+
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.10.5
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-session-name: GitHub_AWS_OIDC
+          aws-region: ${{ env.aws-region }}
+          role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        continue-on-error: true
+
+      - name: Terraform Init
+        id: init
+        run: |
+          terraform init -backend-config="./envs/${{ env.WORKSPACE }}/backend.tfvars" -input=false
+          terraform workspace select -or-create ${{ env.WORKSPACE }}
+        continue-on-error: false
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+        continue-on-error: true
+
+      - name: Terraform Destroy
+        if: ${{ env.destroy == true }}
+        id: destroy
+        run: terraform destroy -var-file="./envs/${{ env.WORKSPACE }}/terraform.tfvars" -auto-approve
+
+      - name: Terraform Plan
+        if: ${{ env.destroy != true && github.event_name == 'pull_request'}}
+        id: plan
+        run: terraform plan -out plan.tf -var-file="./envs/${{ env.WORKSPACE }}/terraform.tfvars" -no-color
+
+      - name: Terraform Resources List
+        uses: borchero/terraform-plan-comment@v2
+        if: github.event_name == 'pull_request'
+        with:
+          token: ${{ github.token }}
+          planfile: plan.tf
+          working-directory: ./terraform
+
+      - name: Terraform Apply
+        if: ${{ env.destroy != true && github.event_name == 'push'}}
+        id: apply
+        run: terraform apply -var-file="./envs/${{ env.WORKSPACE }}/terraform.tfvars" -auto-approve

.github/workflows/Production.yml

@@ -0,0 +1,87 @@
+name: "Terraform Production"
+
+on:
+  push:
+    branches:
+    - main
+    paths:
+    - terraform/**
+  pull_request:
+    branches:
+    - main
+    paths:
+    - terraform/**
+
+env:
+  WORKSPACE: "prod"
+  aws-region: "us-east-1"
+  destroy: false
+
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+
+jobs:
+  InfraProd:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./terraform
+
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.9.5
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-session-name: GitHub_AWS_OIDC
+          aws-region: ${{ env.aws-region }}
+          role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+
+      - name: Terraform Init
+        id: init
+        run: |
+          terraform init -backend-config="./envs/${{ env.WORKSPACE }}/backend.tfvars" -input=false
+          terraform workspace select -or-create ${{ env.WORKSPACE }}
+        continue-on-error: false
+
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        continue-on-error: true
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+        continue-on-error: true
+
+      - name: Terraform Destroy
+        if: ${{ env.destroy == true }}
+        id: destroy
+        run: terraform plan -destroy -var-file="./envs/${{ env.WORKSPACE }}/terraform.tfvars"
+
+      - name: Terraform Plan
+        if: ${{ env.destroy != true && github.event_name == 'pull_request'}}
+        id: plan
+        run: terraform plan -out plan.tf -var-file="./envs/${{ env.WORKSPACE }}/terraform.tfvars" -no-color
+
+      - name: Terraform Resouces List
+        uses: borchero/terraform-plan-comment@v2
+        if: github.event_name == 'pull_request'
+        with:
+          token: ${{ github.token }}
+          planfile: plan.tf
+          working-directory: ./terraform
+
+      - name: Terraform Apply
+        if: ${{ env.destroy != true && github.event_name == 'push'}}
+        id: apply
+        run: terraform apply -var-file="./envs/${{ env.WORKSPACE }}/terraform.tfvars" -auto-approve

.github/workflows/tfdocs.yml

@@ -0,0 +1,23 @@
+name: Validate and Generate Terraform Docs
+on:
+  - pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render terraform docs and push changes back to PR
+      uses: terraform-docs/gh-actions@main
+      with:
+        working-dir: ./terraform
+        output-file: README.md
+        output-method: inject
+        git-push: "true"

.gitignore

@@ -13,8 +13,10 @@ crash.*.log
 # password, private keys, and other secrets. These should not be part of version 
 # control as they are data points which are potentially sensitive and subject 
 # to change depending on the environment.
-*.tfvars
+# *.tfvars
 *.tfvars.json
+*.lock.hcl
+plan.out
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
@@ -35,3 +37,5 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+.idea/
+.vscode/

.terraform-docs.yaml

@@ -0,0 +1,6 @@
+content: |-
+  {{ .Header }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}

README.md

@@ -1,2 +1,39 @@
 # thumb-processor-infra
 Infra do Projeto Hackaton
+
+
+### Pre Requirements To Run This Pipeline.
+
+- Create a S3 Bucket in AWS Console (Unique Global Name)
+  - Enable Versioning Bucket
+* Change the *Bucket Name and DynamoDB Table Name* in backend.conf files `(./terraform/envs/dev | ./terraform/envs/prod)`
+- Create a DynamoDB Table in AWS Console
+  - Put In *Partition key* to *LockID* And Set *String* And *Crete Table*
+- Create a Identity Provider (OIDC) in IAM Console and add ARN on github variables with Name: *AWS_ASSUME_ROLE_ARN*
+  - How To Create a OIDC Github
+    - https://aws.amazon.com/pt/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
+
+
+This Pipeline Runs With a Pull Request:
+- Branches:
+    - developer - Runs Developer Infra
+    - main      - Runs Productions Infra
+
+### Runs Localy
+
+Get AWS Credentials And Runs:
+```shell
+aws configure  # And Paste de SECRET_KEY_ID and  SECRET_ACCESS_KEY and REGION
+
+# After aws configure go to de Path /terraform and Runs: Config Backend S3
+terraform init -backend-config=envs/dev/backend.tfvars
+
+# Set Dev Worspace
+terraform workspace new dev
+
+# Runs Plan
+terraform plan -out plan.out -var-file=envs/dev/terraform.tfvars
+
+# Aplly Plan
+terraform apply plan.out
+```

terraform/README.md

@@ -0,0 +1,27 @@
+<!-- BEGIN_TF_DOCS -->
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | The name of the S3 bucket | `string` | n/a | yes |
+| <a name="input_env"></a> [env](#input\_env) | The environment | `string` | n/a | yes |
+| <a name="input_queue_name"></a> [queue\_name](#input\_queue\_name) | The name of the SQS queue | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_queue_arn"></a> [queue\_arn](#output\_queue\_arn) | n/a |
+| <a name="output_queue_arn_static"></a> [queue\_arn\_static](#output\_queue\_arn\_static) | n/a |
+| <a name="output_queue_id"></a> [queue\_id](#output\_queue\_id) | n/a |
+| <a name="output_queue_name"></a> [queue\_name](#output\_queue\_name) | n/a |
+| <a name="output_queue_url"></a> [queue\_url](#output\_queue\_url) | n/a |
+| <a name="output_s3_bucket_arn"></a> [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
+| <a name="output_s3_bucket_id"></a> [s3\_bucket\_id](#output\_s3\_bucket\_id) | The name of the bucket. |
+| <a name="output_s3_bucket_region"></a> [s3\_bucket\_region](#output\_s3\_bucket\_region) | The AWS region this bucket resides in. |
+| <a name="output_sqs_dlq_arn"></a> [sqs\_dlq\_arn](#output\_sqs\_dlq\_arn) | The ARN of the SQS queue |
+| <a name="output_sqs_dlq_id"></a> [sqs\_dlq\_id](#output\_sqs\_dlq\_id) | The URL for the created Amazon SQS queue |
+| <a name="output_sqs_dlq_name"></a> [sqs\_dlq\_name](#output\_sqs\_dlq\_name) | The name of the SQS queue |
+<!-- END_TF_DOCS -->

terraform/data.tf

@@ -0,0 +1 @@
+data "aws_caller_identity" "current" {}

terraform/envs/dev/backend.tfvars

@@ -0,0 +1,4 @@
+bucket         = "hackaton-challanger-fiap"
+key            = "terraform.tfstate"
+region         = "us-east-1"
+dynamodb_table = "terraform-tfstate"