[DEV-1427] Move infrastructure under the monorepo structure (#720)

.changeset/eleven-ties-boil.md

@@ -0,0 +1,5 @@
+---
+"infrastructure": minor
+---
+
+Move the infrastructure within the monorepo (`apps/infrastructure`)

.github/actions/setup-terraform/action.yaml

@@ -11,7 +11,7 @@ runs:
   steps:
     - name: Set Terraform version
       shell: bash
-      working-directory: .infrastructure
+      working-directory: apps/infrastructure/src
       run: echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
 
     - name: Setup Terraform
@@ -21,10 +21,10 @@ runs:
 
     - name: Check Terraform format
       shell: bash
-      working-directory: .infrastructure
+      working-directory: apps/infrastructure/src
       run: terraform fmt -check -recursive
 
     - name: Terraform Init
       shell: bash
-      working-directory: .infrastructure
+      working-directory: apps/infrastructure/src
       run: ./terraform.sh init ${{ inputs.environment }}

.github/labeler.yaml

@@ -2,7 +2,7 @@ website: apps/nextjs-website/**/*
 packages: packages/**/*
 docs: docs/**/*
 workflows: .github/workflows/**/*
-infra: .infrastructure/**/*
+infra: apps/infrastructure/**/*
 changeset: .changeset/**/*
 cms: apps/strapi-cms/**/*
 cognito-functions: apps/cognito-functions/**/*

.github/workflows/code_review_infra.yaml

@@ -5,7 +5,7 @@ on:
     branches: '**'
     # Run only if there are at least one change matching the following paths
     paths:
-      - '.infrastructure/**'
+      - 'apps/infrastructure/src/**'
       - '.github/workflows/code_review_infra.yaml'
 
 permissions:
@@ -50,5 +50,5 @@ jobs:
           environment: ${{ matrix.environment }}
 
       - name: Terraform Plan
-        working-directory: .infrastructure
+        working-directory: apps/infrastructure/src
         run: ./terraform.sh plan ${{ matrix.environment }}

.github/workflows/deploy_infra.yml

@@ -25,7 +25,7 @@ on:
 defaults:
   run:
     shell: bash
-    working-directory: .infrastructure
+    working-directory: apps/infrastructure/src
 
 permissions:
   id-token: write   # This is required for requesting the JWT

.github/workflows/pr_enrich.yaml

@@ -24,7 +24,7 @@ jobs:
         uses: pagopa/github-actions-template/check-pr-size@d91a1fd0b913c9830589be5d86cdb71c90813fae # v1.5.4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          ignored_files: 'package-lock.json, docs/ .infrastructure/.terraform.lock.hcl'
+          ignored_files: 'package-lock.json, docs/ apps/infrastructure/src/.terraform.lock.hcl'
           min_size: 200
           max_size: 800
 

apps/infrastructure/.gitignore

@@ -0,0 +1,40 @@
+# Created by https://www.toptal.com/developers/gitignore/api/terraform
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform

.infrastructure/README.md → apps/infrastructure/README.md

@@ -7,11 +7,11 @@ The following tools are required to setup and manage a new environment.
 
 ## How set up a new environment
 
-Make sure you don't have a `*.tfstate` file within the `.infrastructure/.terraform` folder. If you have any, delete them.
+Make sure you don't have a `*.tfstate` file within the `apps/infrastructure/.terraform` folder. If you have any, delete them.
 
 ### Step 1: Disable the backend
 
-Comment the `backend "s3" {}` line from `00-main.tf` file:
+Comment the `backend "s3" {}` line from `main.tf` file:
 
 ``` sh
 terraform {
@@ -34,7 +34,7 @@ terraform {
 The following steps require a valid aws session
 
 ``` sh
-cd .infrastructure
+cd apps/infrastructure/src
 
 # create an empty terraform vars file
 touch env/<env_name>/terraform.tfvars
@@ -62,7 +62,7 @@ Copy the output provided by terraform, you need the following two outputs:
 
 ### Step 3: Add the backend and upload the local state
 
-Remove the comment from the line `backend "s3" {}` from `00-main.tf` file:
+Remove the comment from the line `backend "s3" {}` from `main.tf` file:
 
 ``` sh
 terraform {

apps/infrastructure/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "infrastructure",
+  "version": "0.0.1",
+  "private": true
+}

.infrastructure/cloudfront.tf → apps/infrastructure/src/cloudfront.tf

@@ -46,7 +46,7 @@ resource "aws_cloudfront_function" "website_viewer_request_handler" {
   runtime = "cloudfront-js-1.0"
   # publish this version only if the env is true
   publish = var.publish_cloudfront_functions
-  code    = file("${path.module}/../apps/cloudfront-functions/dist/viewer-request-handler.js")
+  code    = file("${path.module}/../../cloudfront-functions/dist/viewer-request-handler.js")
 }
 
 ## Static website CDN

docs/architecture/decisions/0008-location-of-iac-files.md

@@ -0,0 +1,33 @@
+# 8. Location of the IaC files
+
+Date: 2024-03-11
+
+## Status
+
+Accepted
+
+## Context
+
+We aim to version our Terraform code for infrastructure using [changeset](https://github.com/changesets/changesets). To achieve this, we need to create a node module containing the IaC. The critical decision lies in determining where to place this Terraform code.
+
+### Option 1
+
+Keep the code within the `<repository_root>/.infrastructure` folder.
+
+**Cons**: hidden directories (those starting with a dot) in Linux file systems are typically reserved for configuration files and settings.
+
+### Option 2
+
+Move the code into `<repository_root>/infrastructure` folder
+
+### Option 3
+
+Move the code within the monorepo, under the `<repository_root>/apps/infrastructure` folder
+
+## Decision
+We choose Option 3 because, [as suggested by the Turbo documentation](https://turbo.build/repo/docs/handbook/workspaces#configuring-workspaces), the apps folder should contain launchable apps.  
+The new infrastructure package involves a set of commands, making it a suitable fit for the description provided by Turbo.
+
+## Consequences
+
+Updating the references in our GitHub Workflows to execute code from the new directory will be necessary.