diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 00b8f9d3..1c9ea9f2 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -13,6 +13,9 @@ inputs: frontend-build-path: description: The temporary path where build files are storaged required: true + api-endpoint: + description: The endpoint to connect the frontend to an api + required: true runs: using: composite @@ -37,7 +40,7 @@ runs: env: DEPLOY_ENV: ${{ inputs.deploy-env }} run: | - VITE_API_URL=${{ env.OCR_API_URL }} npm run build + VITE_API_URL=${{ inputs.api-endpoint }} npm run build - name: Test frontend shell: bash working-directory: ${{ inputs.frontend-path }} diff --git a/.github/actions/build-publish-api/action.yml b/.github/actions/build-publish-api/action.yml index d94ff779..65ace41b 100644 --- a/.github/actions/build-publish-api/action.yml +++ b/.github/actions/build-publish-api/action.yml @@ -10,8 +10,8 @@ inputs: docker-username: description: Docker registry username required: true - version: - description: API version + docker-tag: + description: Docker tag, typically an API version required: true dockerfile-path: description: Dockerfile path @@ -44,4 +44,4 @@ runs: context: ${{ inputs.docker-context-path }} file: ${{ inputs.dockerfile-path }} push: true - tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.version }} \ No newline at end of file + tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.docker-tag }} \ No newline at end of file diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml new file mode 100644 index 00000000..eb2b6a55 --- /dev/null +++ b/.github/actions/tf-setup/action.yml 
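Review bot: In the build step of `build-frontend/action.yml`, `${{ inputs.api-endpoint }}` is substituted into the `run:` script text before bash parses it, so any shell metacharacters in the value become part of the command line. The step already passes `DEPLOY_ENV` through `env:`, and the new input should go the same way: add `API_ENDPOINT: ${{ inputs.api-endpoint }}` under `env:` and run `VITE_API_URL="$API_ENDPOINT" npm run build`. The same pattern appears in the new `tf-setup` action's "Terraform deploy" step, where `${{ inputs.deploy-env }}` is placed inline in `terraform init` and `terraform workspace select`; passing it as `DEPLOY_ENV` and quoting it (`-backend-config="config/${DEPLOY_ENV}.config"`, `-or-create "$DEPLOY_ENV"`) avoids it there too. The build step starts above this hunk, so the rest of its `env:` block is not visible here.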
@@ -0,0 +1,56 @@ +name: Setup Environment with Terraform +description: This action sets up the given environment using Terraform. +inputs: + deploy-env: + description: The environment to deploy to. + required: true + azure-resource-group: + description: The Azure Resource Group for this environment. + required: true + azure-client-id: + description: The Azure client_id for this environment. + required: true + azure-tenant-id: + description: The Azure tenant_id for this environment. + required: true + azure-subscription-id: + description: The Azure subscription_id for this environment. + required: true + app-name: + description: The name of the application being deployed in Terraform. + required: true + +runs: + using: composite + steps: + - name: Load input variables + working-directory: ./ops/terraform + shell: bash + env: + RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }} + NAME: ${{ inputs.app-name }} + run: | + echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars + echo name=\""$NAME"\" >> terraform.tfvars + az config set defaults.group=$RESOURCE_GROUP_NAME + - name: Set environment + shell: bash + id: set-environment + env: + DEPLOY_ENV: ${{ inputs.deploy-env }} + run: |- + echo "tf-env=$( + echo ${DEPLOY_ENV} + )" >> $GITHUB_OUTPUT + - name: Terraform deploy + working-directory: ./ops/terraform + env: + ARM_CLIENT_ID: ${{ inputs.azure-client-id }} + ARM_TENANT_ID: ${{ inputs.azure-tenant-id }} + ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} + shell: bash + run: | + terraform init -backend-config=config/${{ inputs.deploy-env }}.config + terraform workspace select -or-create ${{ inputs.deploy-env }} + terraform plan -lock-timeout=30m + terraform apply -auto-approve -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index af0c144b..9c558297 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml 
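Review bot: In the "Terraform deploy" step, `terraform plan` writes no plan file, so the following `terraform apply -auto-approve` computes its own plan and applies it; what is applied is not guaranteed to match the plan shown in the log. Saving the plan keeps the two identical: `terraform plan -lock-timeout=30m -out=deploy.tfplan` followed by `terraform apply -lock-timeout=30m deploy.tfplan`. In "Load input variables", `az config set defaults.group=$RESOURCE_GROUP_NAME` leaves the variable unquoted, unlike the two `echo` lines above it; `az config set "defaults.group=$RESOURCE_GROUP_NAME"` is safer. The `tf-env` output written by "Set environment" is not read by any later step in this file, so it is either dead code or is missing an `outputs:` declaration.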
@@ -20,8 +20,6 @@ jobs: packages: write attestations: write id-token: write - outputs: - result: ${{ steps.image_check.outputs.result}} steps: - name: Checkout repository uses: actions/checkout@v4 @@ -47,9 +45,20 @@ jobs: deploy: runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write needs: build-and-push-image environment: dev steps: + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} @@ -57,7 +66,6 @@ jobs: id: deploy-to-webapp uses: azure/webapps-deploy@v3 with: - app-name: reportvision-ocr-api-dev - publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} + app-name: reportvision-ocr-dev images: '${{ env.REGISTRY }}/${{ env.REPO}}-ocr-api:${{ env.VERSION }}' diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 517fcb68..297407ae 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -19,21 +19,18 @@ on: required: true permissions: - id-token: write contents: read + packages: write + attestations: write + id-token: write env: NODE_VERSION: 20 - OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' + OCR_API_URL: 'https://reportvision-ocr-dev.azurewebsites.net/' jobs: - build_publish_ocr: + build-publish-ocr: runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write steps: - uses: actions/checkout@v4 - name: Build and Push backend 
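Review bot: The `deploy` job in `build-deploy-ocr.yml` is granted `packages: write` and `attestations: write`, but the steps visible in this hunk and the next only log in to Azure over OIDC and call `azure/webapps-deploy`, which needs `id-token: write` plus `contents: read`. Unless a step outside the hunks pushes packages or attestations, the block can shrink to `permissions:` with `contents: read` and `id-token: write`. The `deploy-dev.yml` hunk has the same problem at a wider scope: moving the block from `build-publish-ocr` to the workflow-level `permissions:` gives `build-frontend` and `environment-setup` `packages: write` and `attestations: write` as well. Keeping the write scopes on the job that pushes the image, and giving the Azure jobs only `id-token: write`, limits what a compromised step or action can do with the token.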
@@ -42,20 +39,41 @@ jobs: docker-registry: ghcr.io docker-pw: ${{ secrets.GITHUB_TOKEN }} docker-username: ${{ github.actor }} - version: ${{ inputs.ocr-version }} + docker-tag: ${{ inputs.ocr-version }} dockerfile-path: ./OCR/Dockerfile docker-context-path: ./OCR/ api-name: ocr-api - build_frontend: + build-frontend: runs-on: ubuntu-latest - environment: dev + environment: ${{ inputs.deploy-env }} steps: - uses: actions/checkout@v4 - uses: ./.github/actions/build-frontend name: Build front-end application with: + api-endpoint: ${{ env.OCR_API_URL }} frontend-tarball: ./frontend.tgz deploy-env: ${{ inputs.deploy-env }} frontend-path: ./frontend - frontend-build-path: ./frontend/dist/ \ No newline at end of file + frontend-build-path: ./frontend/dist/ + + environment-setup: + runs-on: ubuntu-latest + environment: ${{ inputs.deploy-env }} + steps: + - uses: actions/checkout@v4 + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: ./.github/actions/tf-setup + name: Setup this environment with Terraform + with: + deploy-env: ${{ inputs.deploy-env }} + azure-resource-group: reportvision-rg-${{ inputs.deploy-env }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + app-name: reportvision \ No newline at end of file diff --git a/.gitignore b/.gitignore index 1390ec91..4956c4d4 100644 --- a/.gitignore +++ b/.gitignore @@ -414,7 +414,8 @@ sketch # End of https://www.toptal.com/developers/gitignore/api/react ## Terraform ## -.terraform +*.terraform +*.lock.hcl *.tfplan* *.tfstate* *.tfvars diff --git a/ops/terraform/.gitignore b/ops/terraform/.gitignore deleted file mode 100644 index 03815788..00000000 --- a/ops/terraform/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -.terraform -*.tfplan* -*.tfstate* -*.tfvars \ No newline at end of file 
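Review bot: `api-endpoint` is still fed from the workflow-level `OCR_API_URL`, which the previous hunk hard-codes to the dev host, while `environment:` and the new `environment-setup` job now follow `inputs.deploy-env`. A run for any other environment would therefore build a frontend that calls the dev API. An environment-scoped variable, e.g. `api-endpoint: ${{ vars.OCR_API_URL }}`, would keep the two in step. The `deploy-env` input definition is outside this hunk; if it is free-form rather than `type: choice`, it would be worth constraining, because it now selects the GitHub environment (and its secrets), the resource group name and the Terraform workspace that `tf-setup` applies with `-auto-approve`.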
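Review bot: Adding `*.lock.hcl` to the ignore list, together with the deletion of `ops/terraform/.terraform.lock.hcl` later in this commit, drops the pinned provider versions and checksums. Each `terraform init` in CI will then resolve whatever currently satisfies the `~> 3.0` constraints and trust the hashes it sees on first use. For a pipeline that ends in `terraform apply -auto-approve`, the lock file is the integrity check on the provider binaries, so I would keep `.terraform.lock.hcl` committed and remove the `*.lock.hcl` line. If the file was removed because of platform hash mismatches between developer machines and the runner, `terraform providers lock -platform=linux_amd64` (plus the developer platforms) records the extra hashes instead.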
diff --git a/ops/terraform/.terraform.lock.hcl b/ops/terraform/.terraform.lock.hcl deleted file mode 100644 index 0ca4d37c..00000000 --- a/ops/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,42 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.116.0" - constraints = "~> 3.0" - hashes = [ - "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", - "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", - "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", - "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", - "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", - "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", - "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", - "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", - "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", - "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", - "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" - constraints = "~> 3.0" - hashes = [ - "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - 
"zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", - ] -} diff --git a/ops/terraform/config/dev.config b/ops/terraform/config/dev.config index bf40ffa5..aae91794 100644 --- a/ops/terraform/config/dev.config +++ b/ops/terraform/config/dev.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config index c6eec405..d88c2583 100644 --- a/ops/terraform/config/dev2.config +++ b/ops/terraform/config/dev2.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev2.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev2.terraform.tfstate" +use_oidc = true \ No newline at end of file diff --git a/ops/terraform/config/dev3.config b/ops/terraform/config/dev3.config index 4d8b1b16..f49dff49 100644 --- a/ops/terraform/config/dev3.config +++ b/ops/terraform/config/dev3.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev3.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev3.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev4.config b/ops/terraform/config/dev4.config index 85638aa5..bbad19f8 100644 --- a/ops/terraform/config/dev4.config +++ b/ops/terraform/config/dev4.config 
@@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev4.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev4.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev5.config b/ops/terraform/config/dev5.config index 1889dabc..ff1eb38a 100644 --- a/ops/terraform/config/dev5.config +++ b/ops/terraform/config/dev5.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev5.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev5.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev6.config b/ops/terraform/config/dev6.config index 7b84985d..dee86db8 100644 --- a/ops/terraform/config/dev6.config +++ b/ops/terraform/config/dev6.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev6.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev6.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index d42f56af..b8ae70b5 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf @@ -1,8 +1,8 @@ locals { - environment = "${terraform.workspace}" + environment = terraform.workspace init = { - environment = local.environment - location = "eastus2" + environment = local.environment + location = "eastus2" } dev = { dev = { diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index 88dc80ce..f1116bc3 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf 
@@ -1,6 +1,6 @@ locals { - workspaces = "${merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)}" - workspace = "${local.workspaces[terraform.workspace]}" + workspaces = merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6) + workspace = local.workspaces[terraform.workspace] management_tags = { environment = local.environment @@ -20,7 +20,7 @@ module "networking" { websubnetcidr = local.workspace["websubnetcidr"] lbsubnetcidr = local.workspace["lbsubnetcidr"] # dbsubnetcidr = local.network.config.dbsubnetcidr - env = local.environment + env = local.environment } ########## @@ -34,8 +34,8 @@ module "securitygroup" { resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id # db_subnet_id = module.networking.dbsubnet_id - lb_subnet_id = module.networking.lbsubnet_id - env = local.environment + lb_subnet_id = module.networking.lbsubnet_id + env = local.environment } module "app_gateway" { @@ -73,13 +73,13 @@ module "storage" { ########## module "ocr_api" { - source = "./modules/app_service" - name = var.name - location = local.init.location - resource_group = data.azurerm_resource_group.rg.name - app_subnet_id = module.networking.lbsubnet_id - env = local.environment - vnet = module.networking.network_name + source = "./modules/app_service" + name = var.name + location = local.init.location + resource_group = data.azurerm_resource_group.rg.name + app_subnet_id = module.networking.lbsubnet_id + env = local.environment + vnet = module.networking.network_name } # module "compute" { diff --git a/ops/terraform/providers.tf b/ops/terraform/providers.tf index 554c8664..4148ac52 100644 --- a/ops/terraform/providers.tf +++ b/ops/terraform/providers.tf @@ -1,6 +1,6 @@ terraform { backend "azurerm" { - resource_group_name = "reportvision-rg-global" + resource_group_name = "reportvision-rg-global" } required_providers { azurerm = {