feat(deployment): provision scaleway with tf

.pre-commit-config.yaml

@@ -29,6 +29,16 @@ repos:
         files: ^api
         exclude: ^api/tests/
 
+  # deployment
+  - repo: local
+    hooks:
+      - id: terraform-fmt
+        name: deployment|terraform-fmt
+        language: docker_image
+        entry: hashicorp/terraform:1.4.0
+        args: [fmt, -recursive, deployment]
+        pass_filenames: false
+
   # pipeline
   - repo: https://github.com/psf/black
     rev: 22.10.0

.vscode/data-inclusion.code-workspace

@@ -12,6 +12,9 @@
 		{
 			"path": "../siretisation"
 		},
+		{
+			"path": "../deployment"
+		},
 		{
 			"path": ".."
 		}

deployment/.gitignore

@@ -0,0 +1,30 @@
+# https://github.com/github/gitignore/blob/main/Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

deployment/README.md

@@ -0,0 +1,67 @@
+# deployment
+
+## prerequisites
+
+An API key needs to be generated on the scaleway [console](https://console.scaleway.com/project/settings).
+
+## targeting an environment
+
+Use the `-chdir=` option to target a specific environment:
+
+```bash
+docker-compose run tf -chdir=environments/staging plan
+```
+
+## initializing the state backend
+
+```bash
+docker-compose run tf -chdir=environments/<ENVIRONMENT>/ init \
+    -backend-config "bucket=data-inclusion-terraform" \
+    -backend-config "key=stack_data/<ENVIRONMENT>" \
+    -backend-config "region=fr-par" \
+    -backend-config "endpoint=https://s3.fr-par.scw.cloud" \
+    -backend-config "access_key=<ACCESS_KEY>" \
+    -backend-config "secret_key=<SECRET_KEY>"
+```
+
+## configuring the deployment
+
+The deployment is configured through variables. The set of variables will be different for each environment.
+
+To generate a configuration file for a specific environment:
+
+```bash
+USER_ID=$(id -u) docker-compose run tf-vars environments/<ENVIRONMENT>
+```
+
+The generated `terraform.tfvars.json` file can be filled with the appropriate values for that environment.
+
+⚠️⚠️ `terraform.tfvars.json` FILES SHOULD NOT BE COMMITTED ⚠️⚠️
+
+## deployment
+
+```bash
+# review changes
+docker-compose run tf -chdir=environments/staging plan
+
+# apply
+docker-compose run tf -chdir=environments/staging apply
+```
+
+## updating auto generated documentation
+
+```bash
+USER_ID=$(id -u) docker-compose run tf-docs
+```
+
+## formatting `.tf` files
+
+```bash
+docker-compose run tf-fmt
+```
+
+## references
+
+* [Scaleway Terraform Provider documentation](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs)
+* [Google's Best practices for using Terraform](https://cloud.google.com/docs/terraform/best-practices-for-terraform)
+* [How To Create Reusable Infrastructure with Terraform Modules and Templates by Savic](https://www.digitalocean.com/community/tutorials/how-to-create-reusable-infrastructure-with-terraform-modules-and-templates)

deployment/docker-compose.yml

@@ -0,0 +1,37 @@
+# This file is meant for local development
+
+version: "3.9"
+
+services:
+  tf:
+    image: hashicorp/terraform:1.4.0
+    working_dir: /deployment
+    volumes:
+      - .:/deployment
+
+  scw:
+    image: scaleway/cli:v2.12.0
+
+  tf-docs:
+    image: quay.io/terraform-docs/terraform-docs:0.16.0
+    user: "${USER_UID:-1000}:0"
+    working_dir: /deployment
+    entrypoint: terraform-docs markdown --recursive --recursive-path ../../modules --output-file README.md
+    command: environments/staging
+    volumes:
+      - .:/deployment
+
+  tf-fmt:
+    image: hashicorp/terraform:1.4.0
+    working_dir: /deployment
+    command: fmt -recursive
+    volumes:
+      - .:/deployment
+
+  tf-vars:
+    image: quay.io/terraform-docs/terraform-docs:0.16.0
+    user: "${USER_UID:-1000}:0"
+    working_dir: /deployment
+    entrypoint: terraform-docs tfvars --output-file "terraform.tfvars.json" json
+    volumes:
+      - .:/deployment

deployment/environments/staging/README.md

@@ -0,0 +1,31 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_stack_data"></a> [stack\_data](#module\_stack\_data) | ../../modules/stack_data | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_scaleway_access_key"></a> [scaleway\_access\_key](#input\_scaleway\_access\_key) | Scaleway access key (https://console.scaleway.com/iam/api-keys) | `string` | n/a | yes |
+| <a name="input_scaleway_project_id"></a> [scaleway\_project\_id](#input\_scaleway\_project\_id) | Scaleway project id (https://console.scaleway.com/project/settings) | `string` | n/a | yes |
+| <a name="input_scaleway_secret_key"></a> [scaleway\_secret\_key](#input\_scaleway\_secret\_key) | Scaleway secret key (https://console.scaleway.com/iam/api-keys) | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

deployment/environments/staging/backend.tf

@@ -0,0 +1,7 @@
+terraform {
+  backend "s3" {
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+  }
+}

deployment/environments/staging/main.tf

@@ -0,0 +1,23 @@
+variable "scaleway_access_key" {
+  description = "Scaleway access key (https://console.scaleway.com/iam/api-keys)"
+  type        = string
+}
+
+variable "scaleway_secret_key" {
+  description = "Scaleway secret key (https://console.scaleway.com/iam/api-keys)"
+  type        = string
+  sensitive   = true
+}
+
+variable "scaleway_project_id" {
+  description = "Scaleway project id (https://console.scaleway.com/project/settings)"
+  type        = string
+}
+
+module "stack_data" {
+  source = "../../modules/stack_data"
+
+  scaleway_access_key = var.scaleway_access_key
+  scaleway_secret_key = var.scaleway_secret_key
+  scaleway_project_id = var.scaleway_project_id
+}

deployment/modules/stack_data/README.md

@@ -0,0 +1,42 @@
+# `stack_data`
+
+Provision a compute instance with docker in the given scaleway project.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_scaleway"></a> [scaleway](#requirement\_scaleway) | 2.13.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_scaleway"></a> [scaleway](#provider\_scaleway) | 2.13.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [scaleway_instance_ip.main](https://registry.terraform.io/providers/scaleway/scaleway/2.13.1/docs/resources/instance_ip) | resource |
+| [scaleway_instance_server.main](https://registry.terraform.io/providers/scaleway/scaleway/2.13.1/docs/resources/instance_server) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_scaleway_access_key"></a> [scaleway\_access\_key](#input\_scaleway\_access\_key) | Scaleway access key (https://console.scaleway.com/iam/api-keys) | `string` | n/a | yes |
+| <a name="input_scaleway_project_id"></a> [scaleway\_project\_id](#input\_scaleway\_project\_id) | Scaleway project id (https://console.scaleway.com/project/settings) | `string` | n/a | yes |
+| <a name="input_scaleway_secret_key"></a> [scaleway\_secret\_key](#input\_scaleway\_secret\_key) | Scaleway secret key (https://console.scaleway.com/iam/api-keys) | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_public_ip"></a> [public\_ip](#output\_public\_ip) | Publicly reachable IP (with `ssh root@<public_ip>`) |
+<!-- END_TF_DOCS -->

deployment/modules/stack_data/main.tf

@@ -0,0 +1,7 @@
+resource "scaleway_instance_ip" "main" {}
+
+resource "scaleway_instance_server" "main" {
+  type  = "DEV1-L"
+  image = "docker"
+  ip_id = scaleway_instance_ip.main.id
+}

deployment/modules/stack_data/outputs.tf

@@ -0,0 +1,4 @@
+output "public_ip" {
+  description = "Publicly reachable IP (with `ssh root@<public_ip>`)"
+  value       = scaleway_instance_server.main.public_ip
+}

deployment/modules/stack_data/provider.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    scaleway = {
+      source  = "scaleway/scaleway"
+      version = "2.13.1"
+    }
+  }
+}
+
+provider "scaleway" {
+  access_key = var.scaleway_access_key
+  secret_key = var.scaleway_secret_key
+  project_id = var.scaleway_project_id
+  zone       = "fr-par-1"
+  region     = "fr-par"
+}

deployment/modules/stack_data/variables.tf

@@ -0,0 +1,15 @@
+variable "scaleway_access_key" {
+  description = "Scaleway access key (https://console.scaleway.com/iam/api-keys)"
+  type        = string
+}
+
+variable "scaleway_secret_key" {
+  description = "Scaleway secret key (https://console.scaleway.com/iam/api-keys)"
+  type        = string
+  sensitive   = true
+}
+
+variable "scaleway_project_id" {
+  description = "Scaleway project id (https://console.scaleway.com/project/settings)"
+  type        = string
+}