[DRAFT] Terraform refactor / Go buildpack deploy

.github/workflows/demo.yaml

@@ -0,0 +1,19 @@
+name: GitHub Actions Demo
+run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
+on:
+  workflow_dispatch:
+jobs:
+  Explore-GitHub-Actions:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
+      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
+      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
+      - name: List files in the repository
+        run: |
+          ls ${{ github.workspace }}
+      - run: echo "🍏 This job's status is ${{ job.status }}."

.github/workflows/deploy-to-dev.yaml

@@ -0,0 +1,115 @@
+#
+# To manually trigger:
+# gh workflow run --ref jadudm/tf-0103 --field environment=dev deploy-to-dev.yaml
+# 
+name: Deploy to space
+on:
+  # push:
+  #   branches:
+  #     - jadudm/tf-0103
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: true
+        type: string
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    name: apply ( ${{ inputs.environment }} )
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    env:
+        KEY: "terraform.tfstate.${{ inputs.environment }}"
+        TF_VAR_cf_user: ${{ secrets.CF_USERNAME }}
+        TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        AWS_CONFIG_FILE: "${GITHUB_WORKSPACE}/aws-config"
+        AWS_SHARED_CREDENTIALS_FILE: "${GITHUB_WORKSPACE}/aws-credentials"
+    steps:
+
+      # This leaves the repository checked out in ${GITHUB_WORKSPACE}.
+      # So, ${GITHUB_WORKSPACE}/terraform is where the TF lives.
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: what is there
+        run: |
+          ls -alh "${GITHUB_WORKSPACE}"
+          ls -alh "${GITHUB_WORKSPACE}/terraform"
+
+      - name: Install CloudFoundry CLI v8
+        run: |
+          curl -k -O -L https://github.com/cloudfoundry/cli/releases/download/v8.8.0/cf8-cli-installer_8.8.0_x86-64.deb
+          sudo apt-get install --assume-yes ./cf8-cli-installer_8.8.0_x86-64.deb
+
+      # This may want to become TF actions
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.10.3"
+
+      # We use ${{ secret.X }} to reference secrets, and 
+      # we use ${{ vars.X }} to access environment variables
+      - name: Authenticate against Cloud.gov
+        run: |
+          cf api api.fr.cloud.gov
+          cf auth ${{ secrets.CF_USERNAME }} ${{ secrets.CF_PASSWORD }}
+          cf target -o ${{ vars.CF_ORG }} -s ${{ vars.CF_SPACE }}
+
+      # https://stackoverflow.com/questions/14268097/do-i-need-cat-to-write-a-heredoc-to-a-file
+      # https://stackoverflow.com/questions/63048738/how-to-declare-variables-for-s3-backend-in-terraform
+      - name: Setup TF creds for state bucket
+        run: |
+          tee "${GITHUB_WORKSPACE}/terraform/${{ inputs.environment }}/backend_${{ inputs.environment }}.config" <<EOF
+          bucket="${{ secrets.TF_VAR_BUCKET_NAME }}"
+          region="${{ secrets.TF_VAR_AWS_DEFAULT_REGION}}"
+          access_key="${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }}"
+          secret_key="${{ secrets.TF_VAR_SECRET_ACCESS_KEY }}"
+          endpoints={ s3 = "https://s3-${{ secrets.TF_VAR_AWS_DEFAULT_REGION }}.amazonaws.com/" }
+          EOF
+
+      - name: Setup TF vars for execution
+        run: |
+          tee "${GITHUB_WORKSPACE}/terraform/${{ inputs.environment }}/terraform.tfvars" <<EOF
+          cf_username = "${{ secrets.CF_USERNAME }}"
+          cf_password = "${{ secrets.CF_PASSWORD }}"
+          api_key     = "FIXME"
+          cf_space_guid = "${{ secrets.CF_SPACE_GUID }}"
+          cf_org_guid = "${{ secrets.CF_ORG_GUID }}"
+          EOF
+
+      # - name: Setup AWS
+      #   run: |
+      #     tee "${GITHUB_WORKSPACE}/aws-credentials" <<EOF
+      #     [default]
+      #     aws_access_key_id="${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }}"
+      #     aws_secret_access_key="${{ secrets.TF_VAR_SECRET_ACCESS_KEY }}"
+      #     EOF
+      #     chmod 600 "${GITHUB_WORKSPACE}/aws-credentials"
+      #     tee "${GITHUB_WORKSPACE}/aws-config" <<EOF
+      #     [default]
+      #     region="${{ secrets.TF_VAR_AWS_DEFAULT_REGION }}"
+      #     EOF
+
+      - name: TF init
+        run: |
+          pushd ${GITHUB_WORKSPACE}/terraform/${{ inputs.environment }}
+            terraform init -backend-config="./backend_${{ inputs.environment }}.config" || echo "Failed" && exit
+          popd
+
+      - name: TF plan
+        uses:  dflook/terraform-plan@v1
+        with:
+          path: "${GITHUB_WORKSPACE}/terraform/${{ inputs.environment }}/main.tf"
+          backend_config_file: "${GITHUB_WORKSPACE}/terraform/${{ inputs.environment }}/backend_${{ inputs.environment}}.config"
+
+      # - name: TF apply
+      # run: |
+      #   pushd ${GITHUB_WORKSPACE}/terraform/${{ inputs.environment }}
+      #     make apply
+      #   popd

Makefile

@@ -42,8 +42,6 @@ build: clean config generate
 	# cd cmd/validate ; make build
 	echo "build walk"
 	cd cmd/walk ; make build
-	echo "copy assets"
-	cd assets ; rm -rf static/assets ; unzip -qq static.zip
 
 .PHONY: up
 up: build

config/services/admin.libsonnet

@@ -11,14 +11,15 @@ local credentials = [
 local parameters = [
   [
     'debug_level',
-    { cf: 'warn', container: 'debug', localhost: 'debug'},
+    { cf: 'warn', container: 'debug', localhost: 'debug' },
   ],
 ] + B.parameters;
 
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/cf.jsonnet

@@ -1,5 +1,6 @@
 local A = import 'admin.libsonnet';
-local E = import 'extract.libsonnet';
+local EN = import 'entree.libsonnet';
+local EX = import 'extract.libsonnet';
 local F = import 'fetch.libsonnet';
 local M = import 'migrate.libsonnet';
 local P = import 'pack.libsonnet';
@@ -12,7 +13,8 @@ local W = import 'walk.libsonnet';
   EIGHT_SERVICES: {
     'user-provided': [
       A.cf,
-      E.cf,
+      EN.cf,
+      EX.cf,
       F.cf,
       M.cf,
       P.cf,

config/services/entree.libsonnet

@@ -11,18 +11,19 @@ local credentials = [
 local parameters = [
   [
     'workers',
-    { cf: 10, container: 50, localhost: 10},
+    { cf: 10, container: 50, localhost: 10 },
   ],
   [
     'debug_level',
-    { cf: 'warn', container: 'info', localhost: 'debug'},
+    { cf: 'warn', container: 'info', localhost: 'debug' },
   ],
 ] + B.parameters;
 
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/extract.libsonnet

@@ -34,7 +34,8 @@ local parameters = [
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/fetch.libsonnet

@@ -37,7 +37,8 @@ local parameters = [
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/migrate.libsonnet

@@ -6,14 +6,15 @@ local credentials = [];
 local parameters = [
   [
     'debug_level',
-    { cf: 'warn', container: 'debug', localhost: 'debug'},
+    { cf: 'warn', container: 'debug', localhost: 'debug' },
   ],
 ] + B.parameters;
 
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/pack.libsonnet

@@ -22,7 +22,8 @@ local parameters = [
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/serve.libsonnet

@@ -59,7 +59,8 @@ local parameters = [
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/validate.libsonnet

@@ -22,7 +22,8 @@ local parameters = [
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

config/services/walk.libsonnet

@@ -34,7 +34,8 @@ local parameters = [
 {
   creds:: [[service] + x for x in credentials],
   params:: [[service] + x for x in parameters],
-  cf: B.params('credentials', 'cf', service, self.creds) +
+  cf: { name: service } +
+      B.params('credentials', 'cf', service, self.creds) +
       B.params('parameters', 'cf', service, self.params),
   container: { name: service } +
              B.params('credentials', 'container', service, self.creds) +

terraform/.gitignore

@@ -1,9 +1,14 @@
 # Local .terraform directories
+.terraform
+**/.terraform
+.terraform/*
 **/.terraform/*
 
 # .tfstate files
 *.tfstate
 *.tfstate.*
+**/*.tfstate
+**/*.tfstate.*
 
 # Crash log files
 crash.log
@@ -15,16 +20,22 @@ crash.*.log
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
+**/*.tfvars
+**/*.tfvars.json
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
+**/override.tf*
+**/*_override.tf*
+
 
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
+**/.terraform.tfstate.lock.info
 
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
@@ -35,10 +46,21 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+**/.terraformrc
+**/terraform.rc
 
 # Ignore the lock file; this is a demo, not about collab/CI/CD.
 .terraform.lock.hcl
+**/.terraform.lock.hcl
+
+# developer files 
+dev/developers.tf
+staging/developers.tf
+production/developers.tf
 
-zips/*
-plans/*
-app/*
+zips
+plans
+app
+**/zips
+**/plans
+**/app