-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from wargarblgarbl/main
Updated with AWS code
- Loading branch information
Showing
6 changed files
with
184 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
name: Digger Plan | ||
|
||
on: | ||
pull_request: | ||
branches: [ "main" ] | ||
types: [ opened, synchronize ] | ||
issue_comment: | ||
types: [created] | ||
workflow_dispatch: | ||
|
||
|
||
jobs: | ||
plan: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write # required to merge PRs | ||
id-token: write # required for workload-identity-federation | ||
pull-requests: write # required to post PR comments | ||
statuses: write # required to validate combined PR status | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
# Unlike GCP; the role assumption is handled inline | ||
- name: digger run | ||
uses: diggerhq/[email protected] | ||
with: | ||
setup-aws: true | ||
|
||
#Uncomment below line if using OIDC | ||
#aws-role-to-assume: arn:aws:sts::{secrets.AccountID}:assumed-role/{secrets.RoleName}/{FunctionName} | ||
|
||
#Comment the following two lines out if using OIDC. | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
##End comment block | ||
aws-region: us-east-1 | ||
env: | ||
GITHUB_CONTEXT: ${{ toJson(github) }} | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
gcp_key.json | ||
|
||
# Local .terraform directories | ||
**/.terraform/* | ||
.terraform | ||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
*.tfvars.json | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
.terraform.lock.hcl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,17 @@ | ||
# quickstart-actions-aws | ||
|
||
This is the repository for a sample quickstart action with digger. | ||
|
||
# backend | ||
this folder will provision (most) of the backend required. | ||
Main.tf provisions the following resources. | ||
|
||
1. The Backend state bucket for terraform to store state in | ||
2. The required DynamoDB table for Digger to store locks. | ||
|
||
# prod | ||
This is a sample terraform prod code that will (if given the chance) spin up a vpc + an EC2 instance, and required security groups. | ||
The instance is locked down to not be accessible from outside the network. | ||
|
||
# .github/workflows | ||
Contains digger-plan.yml with two different potential ways of authenticating against an AWS account. Please review the main digger documentation on details as to which scheme to use. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "5.23.1" | ||
} | ||
} | ||
} | ||
|
||
provider "aws" { | ||
region = "us-east-1" # Replace with your desired AWS region | ||
} | ||
|
||
resource "random_string" "bucket_prefix" { | ||
length = 8 | ||
special = false | ||
} | ||
|
||
resource "aws_s3_bucket" "default" { | ||
bucket = "${random_string.bucket_prefix.result}-bucket-tfstate" | ||
} | ||
|
||
resource "aws_s3_bucket_versioning" "versioning_example" { | ||
bucket = aws_s3_bucket.default.id | ||
versioning_configuration { | ||
status = "Enabled" | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_acl" "example" { | ||
bucket = aws_s3_bucket.default.id | ||
acl = "private" | ||
} | ||
|
||
|
||
resource "aws_dynamodb_table" "DiggerDynamoDBLockTable" { | ||
name = "DiggerDynamoDBLockTable" | ||
billing_mode = "PAY_PER_REQUEST" | ||
stream_enabled = true | ||
stream_view_type = "NEW_AND_OLD_IMAGES" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
projects: | ||
- name: production | ||
dir: prod |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "3.0.0" # Use an appropriate version | ||
} | ||
} | ||
backend "s3" { | ||
bucket = "8046b8f4c208f5bb-bucket-tfstate" | ||
key = "terraform/state" | ||
region = "us-east-1" | ||
} | ||
|
||
} | ||
|
||
provider "aws" { | ||
region = "us-east-1" # Replace with your desired AWS region | ||
} | ||
|
||
resource "aws_vpc" "vpc_network" { | ||
cidr_block = "10.0.0.0/16" | ||
tags = { | ||
Name = "terraform-network" | ||
} | ||
} | ||
|
||
resource "aws_subnet" "vpc_subnet" { | ||
vpc_id = aws_vpc.vpc_network.id | ||
cidr_block = "10.0.1.0/24" | ||
availability_zone = "us-east-2a" | ||
map_public_ip_on_launch = true | ||
|
||
tags = { | ||
Name = "terraform-subnet" | ||
} | ||
} | ||
|
||
resource "aws_security_group" "security_group" { | ||
name_prefix = "terraform-" | ||
ingress { | ||
from_port = 80 | ||
to_port = 80 | ||
protocol = "tcp" | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
} | ||
|
||
resource "aws_instance" "vm_instance" { | ||
ami = "ami-0b17ac7207aae009f" #Debian 11 (bullsey AMI provided by the Debian Project https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye) | ||
instance_type = "t2.micro" | ||
subnet_id = aws_subnet.vpc_subnet.id | ||
security_groups = [aws_security_group.security_group.name] | ||
tags = { | ||
Name = "terraform-instance" | ||
} | ||
} |