CDCgov · derekadombek · Oct 17, 2024 · Sep 30, 2024 · Oct 1, 2024 · Oct 3, 2024
diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml
@@ -13,6 +13,9 @@ inputs:
   frontend-build-path:
     description: The temporary path where build files are storaged
     required: true
+  api-endpoint:
+    description: The endpoint to connect the frontend to an api
+    required: true
 
 runs:
   using: composite
@@ -37,7 +40,7 @@ runs:
       env:
         DEPLOY_ENV: ${{ inputs.deploy-env }}
       run: |
-        VITE_API_URL=${{ env.OCR_API_URL }} npm run build
+        VITE_API_URL=${{ inputs.api-endpoint }} npm run build
     - name: Test frontend
       shell: bash
       working-directory: ${{ inputs.frontend-path }}

diff --git a/.github/actions/build-publish-api/action.yml b/.github/actions/build-publish-api/action.yml
@@ -10,8 +10,8 @@ inputs:
   docker-username:
     description: Docker registry username
     required: true
-  version:
-    description: API version
+  docker-tag:
+    description: Docker tag, typically an API version
     required: true
   dockerfile-path:
     description: Dockerfile path
@@ -44,4 +44,4 @@ runs:
           context: ${{ inputs.docker-context-path }}
           file: ${{ inputs.dockerfile-path }}
           push: true
-          tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.version }}
+          tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.docker-tag }}
diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml
@@ -0,0 +1,56 @@
+name: Setup Environment with Terraform
+description: This action sets up the given environment using Terraform.
+inputs:
+  deploy-env:
+    description: The environment to deploy to.
+    required: true
+  azure-resource-group:
+    description: The Azure Resource Group for this environment.
+    required: true
+  azure-client-id:
+    description: The Azure client_id for this environment.
+    required: true
+  azure-tenant-id:
+    description: The Azure tenant_id for this environment.
+    required: true
+  azure-subscription-id:
+    description: The Azure subscription_id for this environment.
+    required: true
+  app-name:
+    description: The name of the application being deployed in Terraform.
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Load input variables
+      working-directory: ./ops/terraform
+      shell: bash
+      env:
+        RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }}
+        NAME: ${{ inputs.app-name }}
+      run: |
+        echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars
+        echo name=\""$NAME"\" >> terraform.tfvars
+        az config set defaults.group=$RESOURCE_GROUP_NAME
+    - name: Set environment
+      shell: bash
+      id: set-environment
+      env:
+        DEPLOY_ENV: ${{ inputs.deploy-env }}
+      run: |-
+        echo "tf-env=$(
+          echo ${DEPLOY_ENV}
+        )" >> $GITHUB_OUTPUT
+    - name: Terraform deploy
+      working-directory: ./ops/terraform
+      env:
+        ARM_CLIENT_ID: ${{ inputs.azure-client-id }}
+        ARM_TENANT_ID: ${{ inputs.azure-tenant-id }}
+        ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }}
+      shell: bash
+      run: |
+        terraform init -backend-config=config/${{ inputs.deploy-env }}.config
+        terraform workspace select -or-create ${{ inputs.deploy-env }}
+        terraform plan -lock-timeout=30m
+        terraform apply -auto-approve -lock-timeout=30m
diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml
@@ -9,7 +9,7 @@ on:
 
 env:
   REGISTRY: ghcr.io
-  VERSION: ${{ inputs.tag }}
+  VERSION: derek-dev-combine
 
 
 jobs:
@@ -47,17 +47,27 @@ jobs:
 
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     needs: build-and-push-image
     environment: dev
     steps:
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
       - name: Lowercase the repo name
         run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
 
       - name: Deploy to Azure Web App
         id: deploy-to-webapp
         uses: azure/webapps-deploy@v3
         with:
-          app-name: reportvision-ocr-api-dev
-          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+          app-name: reportvision-ocr-dev
           images: '${{ env.REGISTRY }}/${{ env.REPO}}-ocr-api:${{ env.VERSION }}'
 
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -19,21 +19,18 @@ on:
         required: true
 
 permissions:
-  id-token: write
   contents: read
+  packages: write
+  attestations: write
+  id-token: write
 
 env:
   NODE_VERSION: 20
-  OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/'
+  OCR_API_URL: 'https://reportvision-ocr-dev.azurewebsites.net/'
 
 jobs:
-  build_publish_ocr:
+  build-publish-ocr:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
     steps:
       - uses: actions/checkout@v4
       - name: Build and Push backend
@@ -42,20 +39,41 @@ jobs:
           docker-registry: ghcr.io
           docker-pw: ${{ secrets.GITHUB_TOKEN }}
           docker-username: ${{ github.actor }}
-          version: ${{ inputs.ocr-version }}
+          docker-tag: ${{ inputs.ocr-version }}
           dockerfile-path: ./OCR/Dockerfile
           docker-context-path: ./OCR/
           api-name: ocr-api
 
-  build_frontend:
+  build-frontend:
     runs-on: ubuntu-latest
-    environment: dev
+    environment: ${{ inputs.deploy-env }}
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/build-frontend
         name: Build front-end application
         with:
+          api-endpoint: ${{ env.OCR_API_URL }}
           frontend-tarball: ./frontend.tgz
           deploy-env: ${{ inputs.deploy-env }}
           frontend-path: ./frontend
-          frontend-build-path: ./frontend/dist/
+          frontend-build-path: ./frontend/dist/
+
+  environment-setup:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.deploy-env }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - uses: ./.github/actions/tf-setup
+        name: Setup this environment with Terraform
+        with:
+          deploy-env: ${{ inputs.deploy-env }}
+          azure-resource-group: reportvision-rg-${{ inputs.deploy-env }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          app-name: reportvision
diff --git a/ops/terraform/config/dev.config b/ops/terraform/config/dev.config
@@ -1,4 +1,4 @@
-    storage_account_name = "tfstaterv2024"
-    container_name       = "rv-tfstate"
-    key                  = "dev.terraform.tfstate"
-    use_oidc             = true
+storage_account_name = "tfstaterv2024"
         terraform init -backend-config=config/${{ inputs.deploy-env }}.config 
         terraform init -backend-config=config/${{ inputs.deploy-env }}.config 
+container_name       = "rv-tfstate"
+key                  = "dev.terraform.tfstate"
+use_oidc             = true
diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config
@@ -1,4 +1,4 @@
-    storage_account_name = "tfstaterv2024"
-    container_name       = "rv-tfstate"
-    key                  = "dev2.terraform.tfstate"
-    use_oidc             = true
+storage_account_name = "tfstaterv2024"
+container_name       = "rv-tfstate"
+key                  = "dev2.terraform.tfstate"
+use_oidc             = true
diff --git a/ops/terraform/config/dev3.config b/ops/terraform/config/dev3.config
@@ -1,4 +1,4 @@
-    storage_account_name = "tfstaterv2024"
-    container_name       = "rv-tfstate"
-    key                  = "dev3.terraform.tfstate"
-    use_oidc             = true
+storage_account_name = "tfstaterv2024"
+container_name       = "rv-tfstate"
+key                  = "dev3.terraform.tfstate"
+use_oidc             = true
diff --git a/ops/terraform/config/dev4.config b/ops/terraform/config/dev4.config
@@ -1,4 +1,4 @@
-    storage_account_name = "tfstaterv2024"
-    container_name       = "rv-tfstate"
-    key                  = "dev4.terraform.tfstate"
-    use_oidc             = true
+storage_account_name = "tfstaterv2024"
+container_name       = "rv-tfstate"
+key                  = "dev4.terraform.tfstate"
+use_oidc             = true
diff --git a/ops/terraform/config/dev5.config b/ops/terraform/config/dev5.config
@@ -1,4 +1,4 @@
-    storage_account_name = "tfstaterv2024"
-    container_name       = "rv-tfstate"
-    key                  = "dev5.terraform.tfstate"
-    use_oidc             = true
+storage_account_name = "tfstaterv2024"
+container_name       = "rv-tfstate"
+key                  = "dev5.terraform.tfstate"
+use_oidc             = true
diff --git a/ops/terraform/config/dev6.config b/ops/terraform/config/dev6.config
@@ -1,4 +1,4 @@
-    storage_account_name = "tfstaterv2024"
-    container_name       = "rv-tfstate"
-    key                  = "dev6.terraform.tfstate"
-    use_oidc             = true
+storage_account_name = "tfstaterv2024"
+container_name       = "rv-tfstate"
+key                  = "dev6.terraform.tfstate"
+use_oidc             = true
diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf
@@ -1,8 +1,8 @@
 locals {
-  environment = "${terraform.workspace}"
+  environment = terraform.workspace
   init = {
-    environment         = local.environment
-    location            = "eastus2"
+    environment = local.environment
+    location    = "eastus2"
   }
   dev = {
     dev = {

diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf
@@ -1,6 +1,6 @@
 locals {
-  workspaces = "${merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)}"
-  workspace  = "${local.workspaces[terraform.workspace]}"
+  workspaces = merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)
+  workspace  = local.workspaces[terraform.workspace]
 
   management_tags = {
     environment    = local.environment
@@ -20,7 +20,7 @@ module "networking" {
   websubnetcidr  = local.workspace["websubnetcidr"]
   lbsubnetcidr   = local.workspace["lbsubnetcidr"]
   # dbsubnetcidr   = local.network.config.dbsubnetcidr
-  env            = local.environment
+  env = local.environment
 }
 
 ##########
@@ -34,8 +34,8 @@ module "securitygroup" {
   resource_group = data.azurerm_resource_group.rg.name
   web_subnet_id  = module.networking.websubnet_id
   # db_subnet_id   = module.networking.dbsubnet_id
-  lb_subnet_id   = module.networking.lbsubnet_id
-  env            = local.environment
+  lb_subnet_id = module.networking.lbsubnet_id
+  env          = local.environment
 }
 
 module "app_gateway" {
@@ -73,13 +73,13 @@ module "storage" {
 ##########
 
 module "ocr_api" {
-  source               = "./modules/app_service"
-  name                 = var.name
-  location             = local.init.location
-  resource_group       = data.azurerm_resource_group.rg.name
-  app_subnet_id        = module.networking.lbsubnet_id
-  env                  = local.environment
-  vnet                 = module.networking.network_name
+  source         = "./modules/app_service"
+  name           = var.name
+  location       = local.init.location
+  resource_group = data.azurerm_resource_group.rg.name
+  app_subnet_id  = module.networking.lbsubnet_id
+  env            = local.environment
+  vnet           = module.networking.network_name
 }
 
 # module "compute" {

diff --git a/ops/terraform/providers.tf b/ops/terraform/providers.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "azurerm" {
-    resource_group_name  = "reportvision-rg-global"
+    resource_group_name = "reportvision-rg-global"
   }
   required_providers {
     azurerm = {