diff --git a/.activate b/.activate index 519a0d5..3ccb9c2 100755 --- a/.activate +++ b/.activate @@ -10,7 +10,7 @@ if [ -f "${VENV_FILE}" ]; then else echo "VENV_DIR: ${VENV_DIR}" echo "VENV_FILE: ${VENV_FILE}" - echo "WARN No virtualenv found. Run 'make setup' to create one." + echo "WARN No virtualenv found. Run 'devbox shell'" fi ENV_FILE="${DEVBOX_PROJECT_ROOT}/.env" diff --git a/.github/workflows/actions/terraform-init/action.yml b/.github/workflows/actions/terraform-init/action.yml deleted file mode 100644 index 1309fdc..0000000 --- a/.github/workflows/actions/terraform-init/action.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: "Terraform plan" -description: "Runs a composite step action" - -inputs: - WORKSPACE: - description: "The workspace to deploy the infrastructure" - required: true - AWS_DEFAULT_REGION: - description: "The AWS region to deploy the infrastructure" - required: true - AWS_ACCOUNT_ID: - description: "The AWS account ID to deploy the infrastructure" - required: true - AWS_ROLE_NAME: - description: "OIDC Role name" - required: true - AWS_TERRAFORM_STATE_BUCKET: - description: "Terraform state bucket name" - required: false - -runs: - using: "composite" - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::${{ inputs.AWS_ACCOUNT_ID }}:role/${{ inputs.AWS_ROLE_NAME }} - aws-region: ${{ inputs.AWS_DEFAULT_REGION }} - role-session-name: github-actions - - - name: Set Terraform 1.7 - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.9" - - - name: Terraform Plan - shell: bash - working-directory: infrastructure - env: - WORKSPACE: ${{ inputs.WORKSPACE }} - AWS_DEFAULT_REGION: ${{ inputs.AWS_DEFAULT_REGION }} - AWS_ACCOUNT_ID: ${{ inputs.AWS_ACCOUNT_ID }} - AWS_TERRAFORM_STATE_BUCKET: ${{ inputs.AWS_TERRAFORM_STATE_BUCKET }} - run: | - devbox shell - devbox run infra setup 
diff --git a/.github/workflows/deploy-infrastructure.yml b/.github/workflows/deploy-infrastructure.yml index b10c84f..0d4d830 100644 --- a/.github/workflows/deploy-infrastructure.yml +++ b/.github/workflows/deploy-infrastructure.yml @@ -13,7 +13,7 @@ permissions: contents: read env: - WORKSPACE: "production" + WORKSPACE: ${{ secrets.WORKSPACE }} jobs: deploy-infrastructure: @@ -33,30 +33,39 @@ jobs: with: ref: ${{ env.COMMIT_SHA }} - - name: Terraform Init - id: terraform - uses: ./.github/workflows/actions/terraform-init - timeout-minutes: 5 + - name: Install devbox + uses: jetify-com/devbox-install-action@v0.11.0 with: - WORKSPACE: ${{ env.WORKSPACE }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} - AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }} - AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }} + enable-cache: "true" + + - name: Configure aws credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }} + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + role-session-name: github-actions - name: Terraform Plan id: plan continue-on-error: true + env: + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} + AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }} run: | - make check-drift + devbox run infra check-drift exitcode=$? echo $exitcode echo "run_apply=${exitcode}" >> "$GITHUB_OUTPUT" - name: Terraform Apply if: ${{ steps.plan.outputs.run_apply == '2' }} + env: + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} + AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }} run: | - make apply-auto-approve + devbox run infra apply-auto-approve - name: Update comment if: ${{ success() && github.event.client_payload.slash_command.args.named.comment_id }} 
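Review bot: `WORKSPACE` is a workspace name rather than a credential, so reading it from `secrets.WORKSPACE` masks the value in every log line and yields an empty string in any run where secrets are not available. An empty value turns the var-file paths in infrastructure/Makefile into `env/.tfvars` and `env/secrets..tfvars`. A repository or environment configuration variable fits better here: `WORKSPACE: ${{ vars.WORKSPACE }}`. The same substitution is made in .github/workflows/test.yml, where it also replaces the dedicated `ci` workspace, so the test job presumably now plans against whichever deploy workspace the value names.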
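Review bot: Nothing in the new step list passes `AWS_TERRAFORM_STATE_BUCKET` or runs `infra setup`, both of which the removed composite action did before the plan. The `check-drift` and `apply-auto-approve` targets in infrastructure/Makefile do not depend on `setup`, so unless the devbox init hook performs it (not visible in this diff) the plan runs without an initialised backend or the generated `env/secrets.<workspace>.tfvars`. If setup does run without the bucket variable, the README says it falls back to a local backend, and state written by `apply-auto-approve` on an ephemeral runner would be lost after the job. Consider an explicit step before Terraform Plan that runs `devbox run infra setup` with `AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }}` in its `env`.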
diff --git a/.github/workflows/deploy-website.yml b/.github/workflows/deploy-website.yml index b9548c5..797a45b 100644 --- a/.github/workflows/deploy-website.yml +++ b/.github/workflows/deploy-website.yml @@ -1,32 +1,18 @@ name: Deploy Website +permissions: read-all + on: repository_dispatch: types: - deploy-website - deploy-website-command - # push: - # branches: - # - main - # paths: - # - "website/**" - # - "!website/tests/**" - # - "!website/Makefile" - # - "!website/README.md" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -# Permissions for terramform-init action -permissions: - id-token: write - contents: read - -env: - WORKSPACE: "production" - jobs: deploy-website: name: Deploy @@ -45,40 +31,20 @@ jobs: with: ref: ${{ env.COMMIT_SHA }} - - name: Setup Python 3.12 - uses: actions/setup-python@v5 - with: - python-version: "3.12" - cache: "pip" - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: "website/.nvmrc" - cache-dependency-path: website/yarn.lock - cache: "yarn" - - - name: Terraform Init - id: terraform - uses: ./.github/workflows/actions/terraform-init - timeout-minutes: 5 + - name: Install devbox + uses: jetify-com/devbox-install-action@v0.11.0 with: - WORKSPACE: ${{ env.WORKSPACE }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} - AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }} - AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }} + enable-cache: "true" - name: Build timeout-minutes: 5 run: | - make setup-website VIRTUAL_ENV=false - make build + devbox run website build - name: Deploy timeout-minutes: 5 run: | - make deploy + devbox run deploy - name: Update comment if: ${{ success() && github.event.client_payload.slash_command.args.named.comment_id }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03b612a..82201d9 100644 --- a/.github/workflows/release.yml 
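Review bot: `permissions: read-all` gives the token read access to every scope where the old block granted only `contents: read`, and it drops `id-token: write` without a replacement. The Deploy step ends in `aws s3 sync` (website/scripts/deploy.sh), and with the Terraform Init step removed no visible step configures AWS credentials, so it is worth confirming where they now come from. If the OIDC role is still intended, keep the narrow block (`id-token: write` and `contents: read`) and add an `aws-actions/configure-aws-credentials@v4` step as deploy-infrastructure.yml does. sync-database.yml gets the same `read-all` change; its Create Pull Request step normally needs write scopes unless it uses a separate token, which is not visible here.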
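Review bot: `jetify-com/devbox-install-action@v0.11.0` is referenced by a tag, which can be moved to different code, and the step runs in jobs that go on to deploy. Pinning third-party actions to a full commit SHA with the version as a trailing comment keeps the executed code fixed: `uses: jetify-com/devbox-install-action@<full-commit-sha> # v0.11.0`. The same reference is added in deploy-infrastructure.yml, where the job then assumes an AWS role, and in sync-database.yml.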
+++ b/.github/workflows/release.yml @@ -1,6 +1,7 @@ name: Release on: + workflow_dispatch: push: branches: - main diff --git a/.github/workflows/sync-database.yml b/.github/workflows/sync-database.yml index 2ead20f..748a522 100644 --- a/.github/workflows/sync-database.yml +++ b/.github/workflows/sync-database.yml @@ -1,19 +1,13 @@ name: Sync Database +permissions: read-all + on: workflow_dispatch: repository_dispatch: types: - sync-database -# Permissions for terramform-init action -permissions: - id-token: write - contents: read - -env: - WORKSPACE: "production" - jobs: sync-database: name: Sync Database @@ -22,6 +16,11 @@ jobs: - name: Check out code uses: actions/checkout@v4 + - name: Install devbox + uses: jetify-com/devbox-install-action@v0.11.0 + with: + enable-cache: "true" + - name: Load env id: env run: | @@ -35,7 +34,7 @@ jobs: hash_commit_awesome_italia_opensource="${{ github.event.client_payload.hash }}" fi - pr_body="${pr_body}\n\n Sync database pipeline: [${{ github.run_id }}](https://github.com/italia-opensource/italiaopensource.com/actions/runs/${{ github.run_id }})" + pr_body="${pr_body}. Sync database pipeline: [${{ github.run_id }}](https://github.com/italia-opensource/italiaopensource.com/actions/runs/${{ github.run_id }})" echo "pr_branch_name=${pr_branch_name}" >> $GITHUB_OUTPUT echo "pr_branch_name=${pr_branch_name}" 
@@ -46,35 +45,11 @@ jobs: echo "hash_commit_awesome_italia_opensource=${hash_commit_awesome_italia_opensource}" >> $GITHUB_OUTPUT echo "hash_commit_awesome_italia_opensource=${hash_commit_awesome_italia_opensource}" - - name: Setup Python 3.12 - uses: actions/setup-python@v5 - with: - python-version: "3.12" - cache: "pip" - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: "website/.nvmrc" - cache-dependency-path: website/yarn.lock - cache: "yarn" - - - name: Terraform Init - id: terraform - uses: ./.github/workflows/actions/terraform-init - timeout-minutes: 5 - with: - WORKSPACE: ${{ env.WORKSPACE }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} - AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }} - AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }} - - name: Build id: build timeout-minutes: 5 run: | - make download HASH_COMMIT="${{ steps.env.outputs.hash_commit_awesome_italia_opensource}}" + devbox run website download HASH_COMMIT="${{ steps.env.outputs.hash_commit_awesome_italia_opensource}}" git checkout HEAD -- infrastructure/.terraform.lock.hcl # Ignore changes to the lock file status=$(git status -s) @@ -87,9 +62,6 @@ jobs: exit 0 fi - make setup-website VIRTUAL_ENV=false - make build - echo "has_changed=true" >> $GITHUB_OUTPUT - name: Create Pull Request diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 11bf937..d1e7310 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,7 +15,7 @@ concurrency: cancel-in-progress: true env: - WORKSPACE: "ci" # @TODO: Create infrastructure in pull-request workspace + WORKSPACE: ${{ secrets.WORKSPACE }} jobs: test-data: @@ -41,7 +41,6 @@ jobs: - name: Tests timeout-minutes: 10 env: - WORKSPACE: ${{ env.WORKSPACE }} AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }} 
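Review bot: The `${{ steps.env.outputs.hash_commit_awesome_italia_opensource }}` expression is expanded into the script text before bash runs, and the Load env step fills it from `github.event.client_payload.hash`, so the dispatch payload is interpreted as shell syntax rather than data. Pass it through the step's `env` (`HASH_COMMIT: ${{ steps.env.outputs.hash_commit_awesome_italia_opensource }}`) and reference `"${HASH_COMMIT}"` in the script; the assignment from `client_payload.hash` in Load env deserves the same treatment. Separately, the old Makefile handed the bare hash to download.sh, whereas `yarn download HASH_COMMIT=...` appends the literal `HASH_COMMIT=<hash>` argument, so the script presumably now receives the prefix as well; `devbox run website download "${HASH_COMMIT}"` would keep the old contract. The Build step continues outside this hunk.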
diff --git a/README.md b/README.md index 09c7692..7e9d00a 100644 --- a/README.md +++ b/README.md @@ -18,38 +18,43 @@ devbox run website start If you want start website with italian lang run: `devbox run website start LOCALE=it`. -If you want start website with multi-lang run: `devbox run website build serve` +If you want start website with multi-lang run: `devbox run website build && devbox run website serve` -**Develop infrastructure in local:** - -With doppler access: +**[Doppler] Develop infrastructure in local:** ```bash devbox shell doppler login -devbox run doppler +devbox run doppler -# WARN: Before run `infra` cmd export AWS Credentials or Profile +# WARN: Before run `infra` cmd export your AWS Credentials or AWS Profile into .env devbox run infra setup devbox run infra plan + +devbox run deploy ``` -Or set your env vars without doppler: +To switch env run: `devbox run switch-env ` + +**[Without Doppler] Develop infrastructure in local:** ```bash +echo 'export WORKSPACE=staging|production' >> .env echo 'export AWS_ACCOUNT_ID=...' >> .env echo 'export AWS_DEFAULT_REGION=...' >> .env -echo 'export AWS_TERRAFORM_STATE_BUCKET=...' >> .env # (optional) If not set, use local backend by default +echo 'export AWS_TERRAFORM_STATE_BUCKET=...' >> .env # (optional) If not set by default use local backend -# WARN: Before run `infra` cmd export AWS Credentials or Profile +# WARN: Before run `infra` cmd export your AWS Credentials or AWS Profile into .env devbox shell devbox run infra setup devbox run infra plan + +devbox run deploy ``` diff --git a/devbox.json b/devbox.json index a936c4f..77e8c64 100644 --- a/devbox.json +++ b/devbox.json 
@@ -14,10 +14,17 @@ }, "include": [], "shell": { - "init_hook": [". ${DEVBOX_PROJECT_ROOT}/.activate", "devbox run setup"], + "init_hook": [ + ". ${DEVBOX_PROJECT_ROOT}/.activate", + "devbox run setup", + "devbox run info" + ], "scripts": { + "info": ["echo \"[INFO] Environment: ${WORKSPACE}\""], "infra": ["cd ${INFRASTRUCTURE_PATH} && make $@ ; cd -"], - "website": ["cd ${WEBSITE_PATH} && make $@ ; cd -"], + "website": ["cd ${WEBSITE_PATH} && yarn $@ ; cd -"], + "lint": ["pre-commit run --all-files"], + "doppler": ["${DEVBOX_PROJECT_ROOT}/scripts/doppler.sh $@"], "setup": [ ". ${DEVBOX_PROJECT_ROOT}/.activate", "chmod +x ${DEVBOX_PROJECT_ROOT}/scripts/*", @@ -25,13 +32,19 @@ "pre-commit install", "devbox run website setup" ], - "deploy": ["${DEVBOX_PROJECT_ROOT}/scripts/deploy.sh"], - "doppler": ["${DEVBOX_PROJECT_ROOT}/scripts/doppler.sh"], - "lint": ["pre-commit run --all-files"], - "tests": [ + "deploy": [ + "export BUCKET_NAME=$(cat ${DEVBOX_PROJECT_ROOT}/infrastructure/env/secrets.tfvars | grep bucket_name | cut -d= -f 2 | xargs)", + "devbox run website deploy ${BUCKET_NAME}" + ], + "switch-env": [ + "devbox run doppler $@", ". ${DEVBOX_PROJECT_ROOT}/.activate", + "devbox run setup", + "devbox run info" + ], + "tests": [ "devbox run lint", - "devbox run website pages-check", + "devbox run website mdx-checker", "devbox run website build", "devbox run infra plan" ] diff --git a/doppler.yaml b/doppler.yaml deleted file mode 100644 index 9379419..0000000 --- a/doppler.yaml +++ /dev/null @@ -1,3 +0,0 @@ -setup: - - project: italiaopensource-com - config: production diff --git a/infrastructure/.gitignore b/infrastructure/.gitignore index ab583ba..649e3b2 100644 --- a/infrastructure/.gitignore +++ b/infrastructure/.gitignore @@ -18,7 +18,7 @@ crash.*.log *.tfvars *.tfvars.json !env/*.tfvars -env/secrets.tfvars +env/secrets*.tfvars # Ignore override files as they are usually used to override resources locally and so # are not checked in 
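Review bot: The new `deploy` script reads `bucket_name` from `infrastructure/env/secrets.tfvars`, but infrastructure/scripts/setup.sh in this commit writes and removes only `env/secrets.${WORKSPACE}.tfvars`. On a fresh checkout the lookup returns nothing, and on a machine that still has the old file `BUCKET_NAME` comes from a stale entry, so after `switch-env staging` the target could still be the production bucket, which deploy.sh then syncs with `--delete`. Reading the per-workspace file keeps the target tied to the active environment: `"export BUCKET_NAME=$(grep bucket_name ${DEVBOX_PROJECT_ROOT}/infrastructure/env/secrets.${WORKSPACE}.tfvars | cut -d= -f 2 | xargs)"`.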
diff --git a/infrastructure/Makefile b/infrastructure/Makefile index 1105b8c..1b757ba 100644 --- a/infrastructure/Makefile +++ b/infrastructure/Makefile @@ -1,3 +1,5 @@ +SECRETS_FILE := env/secrets.$${WORKSPACE}.tfvars + setup: ## Execute terraform init chmod +x scripts/*.sh && ./scripts/setup.sh $${WORKSPACE} && cd - @@ -6,18 +8,18 @@ select-workspace: ## Select terraform workspace .PHONY: plan plan: select-workspace ## Execute terraform plan - terraform plan -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars + terraform plan -var-file=env/$${WORKSPACE}.tfvars -var-file=$(SECRETS_FILE) .PHONY: apply apply: select-workspace ## Execute terraform plan - terraform apply -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars + terraform apply -var-file=env/$${WORKSPACE}.tfvars -var-file=$(SECRETS_FILE) .PHONY: destroy destroy: select-workspace ## Execute terraform plan - terraform destroy -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars + terraform destroy -var-file=env/$${WORKSPACE}.tfvars -var-file=$(SECRETS_FILE) apply-auto-approve: select-workspace ## Execute terraform plan - terraform apply -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars -auto-approve + terraform apply -var-file=env/$${WORKSPACE}.tfvars -var-file=$(SECRETS_FILE) -auto-approve check-drift: ## Check for drift. This will change the meaning of exit codes to: 0 - Succeeded (no changes), 1 - Errored, 2 - Succeeded, there is a diff - terraform plan -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars -detailed-exitcode -lock=false + terraform plan -var-file=env/$${WORKSPACE}.tfvars -var-file=$(SECRETS_FILE) -detailed-exitcode -lock=false diff --git a/infrastructure/env/ci.tfvars b/infrastructure/env/ci.tfvars deleted file mode 100644 index 73648d1..0000000 --- a/infrastructure/env/ci.tfvars +++ /dev/null 
@@ -1,7 +0,0 @@ -environment = "ci" -project_name = "italiaopensource" -domain_name = "italiaopensource.com" -sub_domains_name = ["www"] -additional_tags = { - "service" = "website" -} diff --git a/infrastructure/env/production.tfvars b/infrastructure/env/production.tfvars index 936e33c..39b6b5f 100644 --- a/infrastructure/env/production.tfvars +++ b/infrastructure/env/production.tfvars @@ -1,7 +1,8 @@ -environment = "production" -project_name = "italiaopensource" -domain_name = "italiaopensource.com" -sub_domains_name = ["www"] +environment = "production" +project_name = "italiaopensource" +domain_name = "italiaopensource.com" +sub_domains_name = ["www"] +aws_route53_domain_name = "italiaopensource.com" additional_tags = { "service" = "website" } diff --git a/infrastructure/env/staging.tfvars b/infrastructure/env/staging.tfvars new file mode 100644 index 0000000..04135bf --- /dev/null +++ b/infrastructure/env/staging.tfvars @@ -0,0 +1,7 @@ +environment = "staging" +project_name = "italiaopensource" +domain_name = "stage.italiaopensource.com" +aws_route53_domain_name = "italiaopensource.com" +additional_tags = { + "service" = "website" +} diff --git a/infrastructure/main.tf b/infrastructure/main.tf index 68478d5..2318cb6 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -54,7 +54,7 @@ locals { } data "aws_route53_zone" "italiaopensource" { - name = var.domain_name + name = var.aws_route53_domain_name private_zone = false } @@ -98,7 +98,7 @@ resource "aws_s3_bucket_cors_configuration" "website" { # Disable if use static website mode resource "aws_cloudfront_origin_access_control" "this" { - name = "italiaopensource-website" + name = "italiaopensource-website-${var.environment}" origin_access_control_origin_type = "s3" signing_behavior = "always" signing_protocol = "sigv4" 
@@ -107,6 +107,7 @@ resource "aws_cloudfront_origin_access_control" "this" { module "cloudfront" { source = "./modules/cloudfront" + environment = var.environment domain_name = var.domain_name sub_domains_name = var.sub_domains_name price_class = "PriceClass_100" @@ -116,6 +117,7 @@ module "cloudfront" { custom_error_responses = local.custom_error_responses enable_rewrite_edge_lambda = true # Disable if use static website mode origin_access_control = aws_cloudfront_origin_access_control.this.id + acm_certificate_arn = var.aws_acm_certificate_arn tags = local.default_tags } diff --git a/infrastructure/modules/cloudfront/main.tf b/infrastructure/modules/cloudfront/main.tf index 54b6b72..6c415b4 100644 --- a/infrastructure/modules/cloudfront/main.tf +++ b/infrastructure/modules/cloudfront/main.tf @@ -17,7 +17,8 @@ locals { module "rewrite_index_edge_lambda" { count = var.enable_rewrite_edge_lambda ? 1 : 0 - source = "./modules/rewrite-index-edge-lambda" + source = "./modules/rewrite-index-edge-lambda" + function_name = "rewrite-index-${var.environment}" } locals { @@ -81,7 +82,7 @@ module "cache_policy_default" { min_ttl = 60 max_ttl = 86400 default_ttl = 60 - name = "deault" + name = "deault-${var.environment}" query_strings_config = { behavior = "all" } @@ -94,7 +95,7 @@ module "response_headers_policy" { aws = aws } - name = "default" + name = "deault-${var.environment}" override = var.override remove_headers = var.remove_headers } diff --git a/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/main.tf b/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/main.tf index b10dd0e..a8c7bec 100644 --- a/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/main.tf +++ b/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/main.tf 
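Review bot: The response headers policy in infrastructure/modules/cloudfront/main.tf was named `default` and is now `deault-${var.environment}`, which copies the misspelling from the cache policy a few lines above. Both names change in this commit anyway, so this is the cheap moment to use `default-${var.environment}` in both places. Correcting the spelling later would likely mean another rename of live policies.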
@@ -24,7 +24,7 @@ resource "aws_iam_role" "rewrite_index" { resource "aws_lambda_function" "rewrite_index" { filename = "${path.module}/function/rewrite_index.zip" - function_name = "rewrite_index" + function_name = var.function_name role = aws_iam_role.rewrite_index.arn handler = "app.handler" runtime = "python3.9" @@ -35,6 +35,6 @@ resource "aws_lambda_function" "rewrite_index" { } resource "aws_cloudwatch_log_group" "rewrite_index" { - name = "/aws/lambda/rewrite_index" + name = "/aws/lambda/${var.function_name}" retention_in_days = 14 } diff --git a/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/variables.tf b/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/variables.tf new file mode 100644 index 0000000..d13c765 --- /dev/null +++ b/infrastructure/modules/cloudfront/modules/rewrite-index-edge-lambda/variables.tf @@ -0,0 +1,4 @@ +variable "function_name" { + description = "The name of the Lambda function" + type = string +} diff --git a/infrastructure/modules/cloudfront/variables.tf b/infrastructure/modules/cloudfront/variables.tf index 9c9b0ad..b6ebcc8 100644 --- a/infrastructure/modules/cloudfront/variables.tf +++ b/infrastructure/modules/cloudfront/variables.tf @@ -1,3 +1,8 @@ +variable "environment" { + description = "The environment to deploy the infrastructure" + type = string +} + variable "domain_name" { description = "The domain name for the website" type = string diff --git a/infrastructure/scripts/setup.sh b/infrastructure/scripts/setup.sh index 80d8bad..5035bfe 100755 --- a/infrastructure/scripts/setup.sh +++ b/infrastructure/scripts/setup.sh @@ -12,6 +12,7 @@ set -o pipefail WORKDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/.." +SECRET_FILENAME="env/secrets.${WORKSPACE}.tfvars" check_arg() { local _arg_name=${1} 
@@ -33,7 +34,7 @@ set_tf_var() { export TF_VAR_${_arg_name}="${_arg_value}" echo "::add-mask::${_arg_value}" - echo "${_arg_name} = \"${_arg_value}\"" >> env/secrets.tfvars + echo "${_arg_name} = \"${_arg_value}\"" >> "${SECRET_FILENAME}" } create_backend_s3(){ @@ -64,12 +65,11 @@ EOF } main(){ - cd ${WORKDIR} + cd "${WORKDIR}" echo "## Setup: infrastructure project" - local _arg_workspace=${1} - check_arg "WORKSPACE" "${_arg_workspace}" + check_arg "WORKSPACE" "${WORKSPACE}" check_arg "AWS_ACCOUNT_ID" "${AWS_ACCOUNT_ID}" check_arg "AWS_DEFAULT_REGION" "${AWS_DEFAULT_REGION}" @@ -79,13 +79,17 @@ else create_backend_s3 ${AWS_TERRAFORM_STATE_BUCKET} fi - rm -f env/secrets.tfvars + rm -f "${SECRET_FILENAME}" set_tf_var "aws_region" "${AWS_DEFAULT_REGION}" - set_tf_var "bucket_name" "italiaopensource.com-website-${AWS_ACCOUNT_ID}-${_arg_workspace}" + set_tf_var "bucket_name" "italiaopensource.com-website-${AWS_ACCOUNT_ID}-${WORKSPACE}" + + if [[ -n "${AWS_ACM_CERTIFICATE_ARN}" ]] ; then + set_tf_var "aws_acm_certificate_arn" "${AWS_ACM_CERTIFICATE_ARN}" + fi terraform init - terraform workspace select -or-create=true ${_arg_workspace} + terraform workspace select -or-create=true "${WORKSPACE}" } main "$@" diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf index 1751e12..a8a52d1 100644 --- a/infrastructure/variables.tf +++ b/infrastructure/variables.tf @@ -32,4 +32,16 @@ variable "domain_name" { variable "sub_domains_name" { description = "The subdomains for the website" type = list(string) + default = [] +} + +variable "aws_route53_domain_name" { + description = "The domain name for the Route53" + type = string +} + +variable "aws_acm_certificate_arn" { + description = "The ACM certificate ARN" + type = string + default = "" } diff --git a/scripts/doppler.sh b/scripts/doppler.sh index dd23428..36a58ad 100755 --- a/scripts/doppler.sh +++ b/scripts/doppler.sh 
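Review bot: `WORKSPACE` is only checked for being non-empty, yet it now forms the path that `rm -f "${SECRET_FILENAME}"` deletes and that `set_tf_var` appends to, as well as the bucket name. The README lists `staging|production` as the accepted values, so an allowlist at the top of `main` would stop a typo or a value containing `/` from reaching another path: `case "${WORKSPACE}" in staging|production) ;; *) echo "unsupported WORKSPACE"; exit 1 ;; esac`. `SECRET_FILENAME` is also assigned at file scope before `check_arg` runs, and infrastructure/Makefile still passes the workspace as `$1`, which `main` now ignores.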
@@ -44,6 +44,13 @@ set_password() { main() { echo "[INFO] Setting up environment" + local _environment=${1} + + if [[ -z "${_environment}" ]]; then + echo "[ERROR] Environment is required: staging or production. Example: 'devbox run doppler staging'" + exit 1 + fi + local _project="global" local _config="organization" @@ -56,20 +63,11 @@ main() { touch ".env.doppler" echo "# Autogenerated by doppler.sh" > ".env.doppler" - doppler setup --no-interactive + doppler setup --no-interactive --project "italiaopensource-com" --config "${_environment}" set_password "global" "organization" - if [[ -f doppler.yaml ]]; then - local _project - # shellcheck disable=SC2002 - _project="$(cat doppler.yaml | grep -e project | cut -d: -f 2 | xargs)" - local _config - # shellcheck disable=SC2002 - _config="$(cat doppler.yaml | grep -e config | cut -d: -f 2 | xargs)" - - set_password "${_project}" "${_config}" - fi + set_password "italiaopensource-com" "${_environment}" } main "$@" diff --git a/website/Makefile b/website/Makefile deleted file mode 100644 index 8b15244..0000000 --- a/website/Makefile +++ /dev/null @@ -1,30 +0,0 @@ -HASH_COMMIT := latest -LOCALE := en - -.PHONY: start -start: ## Start the development server - yarn start --locale=$(LOCALE) - -.PHONY: build -build: ## Build website project - ls && yarn build - -.PHONY: serve -serve: ## Serve website project - yarn serve - -create-pages: ## Create website pages - yarn create-pages - -create-landings: ## Create website landings - yarn create-landings - -pages-check: - yarn mdx-checker - -setup: ## Setup the project - chmod +x scripts/setup.sh && ./scripts/setup.sh && cd - - -.PHONY: download -download: ## Download database from awesome-italia-opensource - chmod +x scripts/download.sh && ./scripts/download.sh $(HASH_COMMIT) && cd - \ No newline at end of file diff --git a/website/package.json b/website/package.json index 21e8456..cec929c 100644 --- a/website/package.json +++ b/website/package.json 
@@ -3,19 +3,19 @@ "version": "0.0.0", "private": true, "scripts": { + "write-translations": "docusaurus write-translations", + "write-heading-ids": "docusaurus write-heading-ids", + "typecheck": "tsc", "mdx-checker": "npx docusaurus-mdx-checker", - "docusaurus": "docusaurus", - "start": "docusaurus start", "create-landings": "python3 ./scripts/create_landings.py", "create-pages": "python3 ./scripts/create_pages.py", + "setup": "chmod +x scripts/*.sh && ./scripts/setup.sh", + "download": "./scripts/download.sh", "build": "yarn create-landings && yarn create-pages && yarn mdx-checker && docusaurus build", - "swizzle": "docusaurus swizzle", - "deploy": "docusaurus deploy", "clear": "docusaurus clear", "serve": "docusaurus serve", - "write-translations": "docusaurus write-translations", - "write-heading-ids": "docusaurus write-heading-ids", - "typecheck": "tsc" + "start": "docusaurus start", + "deploy": "./scripts/deploy.sh" }, "dependencies": { "@docusaurus/core": "^3.5.2", diff --git a/scripts/deploy.sh b/website/scripts/deploy.sh similarity index 77% rename from scripts/deploy.sh rename to website/scripts/deploy.sh index cc4deee..3eac8ea 100755 --- a/scripts/deploy.sh +++ b/website/scripts/deploy.sh @@ -14,15 +14,16 @@ WORKDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/.." main(){ echo "## Deploy: website to S3" + cd "${WORKDIR}" - local _bucket_name=$(cat infrastructure/env/secrets.tfvars | grep bucket_name | cut -d\ -f 3 | xargs) + local _bucket_name=${1} if [ -z "${_bucket_name}" ]; then echo "Error: missing bucket name" exit 1 fi - cd ${WORKDIR}/website + echo "Deploying to bucket: ${_bucket_name}" aws s3 sync --delete build/ s3://${_bucket_name}/ }