WorkFlow: Infrastructure & Code

.github/workflows/buildandpush-app.yaml

@@ -0,0 +1,61 @@
+name: BuildPush_App
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+env:
+  IMAGE_TAG: $(echo ${{ github.sha }} | cut -c1-4)
+  NODE_VERSION: 20.11.1
+
+jobs:
+    build_apps:
+      name: CodeBuild
+      permissions:
+        contents: read
+        issues: read
+        checks: write
+        pull-requests: write
+      runs-on: ubuntu-latest
+      environment: Dev
+      steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install dependencies
+        run: npm install
+        working-directory:  ./app/cohere-app
+
+      - name: Build Next.js app
+        run: npm run build
+        working-directory:  ./app/cohere-app
+
+    images:
+        name: ImageBuild
+        needs: build_apps
+        runs-on: ubuntu-latest
+        environment: Dev
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4
+
+            #   https://github.com/google-github-actions/auth
+            - name: Authenticate with Google Cloud
+              uses: 'google-github-actions/auth@v2'
+              with:
+                project_id: ${{ secrets.PROJECT_ID }}
+                workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITYPROVIDER }}
+                credentials_json:  ${{ secrets.GCP_CREDENTIALS }}
+
+            - name: Build and Push Image
+              run: |
+                chmod +x ci/scripts/build-and-push-app.sh
+                python3 ci/scripts/build-and-push-all.py --config "ci/configs/pipeline-config.json" --gitsha ${{ env.IMAGE_TAG }} --registry gcr.io/${{ secrets.PROJECT_ID }}
+              env:
+                PROJECT_ID:  ${{ secrets.PROJECT_ID }}

.github/workflows/infra-release.yaml

@@ -0,0 +1,58 @@
+name: Infra Release
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+
+jobs:
+  terraform-release:
+    name: "Terraform Release"
+    runs-on: ubuntu-latest
+    environment: Dev
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Terraform
+        env:
+          TERRAFORM_VERSION: "1.7.4"
+        run: |
+          tf_version=$TERRAFORM_VERSION
+          wget https://releases.hashicorp.com/terraform/"$tf_version"/terraform_"$tf_version"_linux_amd64.zip
+
+          # Check if the terraform directory exists before deleting
+          if [ -d "/usr/local/bin/terraform" ]; then
+            sudo rm -rf /usr/local/bin/terraform
+          fi
+
+          # Check if the extracted directory exists before deleting
+          if [ -d "terraform" ]; then
+            sudo rm -rf terraform
+          fi
+
+          sudo unzip -o terraform_"$tf_version"_linux_amd64.zip
+          sudo mv terraform /usr/local/bin/
+
+      - name: Verify Terraform version
+        run: terraform --version
+
+      #   https://github.com/google-github-actions/auth
+      - name: Authenticate with Google Cloud
+        uses: 'google-github-actions/auth@v2'
+        with:
+          project_id: ${{ secrets.PROJECT_ID }}
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITYPROVIDER }}
+          credentials_json:  ${{ secrets.GCP_CREDENTIALS }}
+
+      - name: Terraform Plan
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          chmod +x ci/scripts/*.sh
+          python ci/scripts/execute-terraform.py  --config ci/configs/pipeline-config.json --command plan --env dev
+
+      - name: Terraform Apply
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          chmod +x ci/scripts/*.sh
+          python ci/scripts/execute-terraform.py  --config ci/configs/pipeline-config.json --command apply --env dev

.github/workflows/k8s-apps-release.yaml

@@ -0,0 +1,38 @@
+name: K8s_Apps
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+env:
+  IMAGE_TAG: $(echo ${{ github.sha }} | cut -c1-4)
+  NODE_VERSION: 20.11.1
+
+jobs:
+    deploy:
+        name: DeployApps
+        runs-on: ubuntu-latest
+        environment: Dev
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4
+
+            #   https://github.com/google-github-actions/auth
+            - name: Authenticate with Google Cloud
+              uses: 'google-github-actions/auth@v2'
+              with:
+                project_id: ${{ secrets.PROJECT_ID }}
+                workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITYPROVIDER }}
+                credentials_json:  ${{ secrets.GCP_CREDENTIALS }}
+
+            - name: Configure kubectl
+              uses: google-github-actions/setup-gcloud@v0
+              with:
+                project_id: ${{ secrets.PROJECT_ID }}
+                service_account_key: ${{ secrets.GKE_SA_KEY }}
+
+            - name: Deploy App w Database
+              run: |
+                kubectl apply -f manifests/cohere-app.yaml
+                kubectl apply -f manifests/postgress.yaml

.gitignore

@@ -32,3 +32,47 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+
+# Node.js
+node_modules/
+
+# Next.js
+.next/
+out/
+
+# Logs
+logs
+*.log
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Editor directories and files
+.vscode/
+.idea/
+
+# Environment variables
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Next.js cache files
+.cache/
+
+# yarn
+yarn-error.log
+.pnp/
+.yarn/
+yarn.lock
+
+# npm
+npm-debug.log*

README.md

@@ -1,2 +1,81 @@
-# gke-terraform
-Deploy GKE cluster with Terraform 
+# GKE Terraform
+
+This project aims to deploy a Kubernetes cluster on Google Cloud Platform (GCP) using Terraform. The infrastructure will include a load balancer for ingress, instances, and instance groups. Additionally, it will showcase the integration of a basic Next.js application, containerized with a small program rendering the Cohere logo on page load.
+
+**Requirements**
+
+<table><tbody><tr><td><code><strong>TOOL &nbsp;&nbsp;</strong></code></td><td><code><strong>VERSION &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</strong></code></td></tr><tr><td><code>Terraform&nbsp;</code></td><td><code>v1.7.4 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</code></td></tr><tr><td><code>Python&nbsp;</code></td><td><code>3.12.2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</code></td></tr><tr><td><code>GCloud &nbsp;&nbsp;</code></td><td><code>Google Cloud SDK 466.0.0&nbsp;</code></td></tr><tr><td><code>Node &nbsp;&nbsp;</code></td><td><code>v20.11.1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</code></td></tr></tbody></table>
+
+## Project Structure
+
+```
+.
+├── terraform/
+│   ├── environments
+│   |   └── dev
+│   |       ├── outputs.tf
+│   |       ├── outputs.tf
+│   |       ├── outputs.tf
+│   |       └── outputs.tf
+│   └── modules
+├── kubernetes/
+│   ├── nextjs-app.yaml
+│   ├── postgresql.yaml       # Optional
+│   └── ...
+├── nextjs-app/
+│   ├── Dockerfile
+│   ├── package.json
+│   ├── pages/
+│   │   └── index.js
+│   └── ...
+├── postgresql/
+│   ├── Dockerfile            # Optional
+│   ├── postgresql-init.sql   # Optional
+│   └── ...
+├── README.md
+└── ...
+```
+
+### **Build & Push**
+
+```
+$ chmod +x ci/scripts/build-and-push-app.sh
+$ python3 ci/scripts/build-and-push-all.py  --config ci/configs/pipeline-config.json --gitsha [GIT SHA] --registry gcr.io/[PROJECT_ID]
+```
+
+## **Run App**
+
+The App is a simple nextjs app for k8s cluster access testing purposes. 
+
+- npm install
+
+### **Build**
+This command builds the app for production
+
+```
+$ npm run build
+```
+
+### **Start**
+This command launches app with build configuration and files
+
+```
+$ npm run dev # runs in development mode and does not require pre-build
+$ npm run start
+```
+
+## **Infrastructure as Code**
+
+IaC is setup with Terraform. resouce modules are build in the `terraform/modules` directory and consumed when building each sub environment in `environment/[env]`
+
+### **Plan**
+
+```
+$ python3 ci/scripts/execute-terraform.py --command plan --config ci/configs/pipeline-config.json --env dev
+```
+
+### **Apply**
+
+```
+$ python3 ci/scripts/execute-terraform.py --command apply --config ci/configs/pipeline-config.json --env dev
+```

app/.dockerignore

@@ -0,0 +1,2 @@
+**/reports/
+**/tests/

app/Dockerfile

@@ -0,0 +1,17 @@
+FROM node:20-alpine
+ARG APP_NAME
+
+WORKDIR /app
+COPY /${APP_NAME}/package*.json ./
+
+# Install dependencies
+RUN npm install
+
+COPY /${APP_NAME} .
+
+# Build the Next.js application
+RUN npm run build
+EXPOSE 3000
+
+# Run Application
+CMD ["npm", "start"]

app/cohere-app/.gitignore

@@ -0,0 +1,30 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# local env files
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local

app/cohere-app/README.md

@@ -0,0 +1 @@
+This is a starter template for [Learn Next.js](https://nextjs.org/learn).