Merge pull request #9 from PartTimeLegend/terraform

Add terraform
PartTimeLegend · Mar 26, 2024 · 2051ddb · 2051ddb
2 parents dbadaa6 + dd0d4f0
commit 2051ddb
Show file tree

Hide file tree

Showing 16 changed files with 274 additions and 0 deletions.
diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml
@@ -0,0 +1,21 @@
+name: Generate terraform docs
+on: 
+  pull_request:
+    paths:
+      - deploy/terraform/**
+jobs:
+  docs:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render terraform docs inside the README.md and push changes back to PR branch
+      uses: terraform-docs/gh-actions@v1.1.0
+      with:
+        working-dir: ./deploy/terraform
+        output-file: README.MD
+        output-method: replace
+        git-push: "true"
diff --git a/deploy/terraform/.gitignore b/deploy/terraform/.gitignore
@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/deploy/terraform/.terraform.lock.hcl b/deploy/terraform/.terraform.lock.hcl
diff --git a/deploy/terraform/README.MD b/deploy/terraform/README.MD
@@ -0,0 +1,55 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.97.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_region-abbreviation-mapping"></a> [region-abbreviation-mapping](#module\_region-abbreviation-mapping) | PartTimeLegend/region-abbreviation-mapping/azure | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
+| [azurerm_key_vault_secret.token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_linux_web_app.as](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app) | resource |
+| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_service_plan.sp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_plan) | resource |
+| [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_app_name"></a> [app\_name](#input\_app\_name) | n/a | `string` | `"hammy"` | no |
+| <a name="input_app_service_sku_name"></a> [app\_service\_sku\_name](#input\_app\_service\_sku\_name) | n/a | `string` | `"P1v2"` | no |
+| <a name="input_container"></a> [container](#input\_container) | n/a | `string` | `"parttimelegend/hammy-mchamilton:latest"` | no |
+| <a name="input_container_registry"></a> [container\_registry](#input\_container\_registry) | n/a | `string` | `"https://ghcr.io"` | no |
+| <a name="input_discord_token"></a> [discord\_token](#input\_discord\_token) | n/a | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | n/a | `string` | n/a | yes |
+| <a name="input_keyvault_sku_name"></a> [keyvault\_sku\_name](#input\_keyvault\_sku\_name) | n/a | `string` | `"standard"` | no |
+| <a name="input_location"></a> [location](#input\_location) | n/a | `string` | `"UK South"` | no |
+| <a name="input_os_type"></a> [os\_type](#input\_os\_type) | n/a | `string` | `"Linux"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_app_name"></a> [app\_name](#output\_app\_name) | n/a |
+| <a name="output_environment"></a> [environment](#output\_environment) | n/a |
+| <a name="output_location"></a> [location](#output\_location) | n/a |
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | n/a |
+| <a name="output_service_plan_name"></a> [service\_plan\_name](#output\_service\_plan\_name) | n/a |
+| <a name="output_web_url"></a> [web\_url](#output\_web\_url) | n/a |
+<!-- END_TF_DOCS -->
diff --git a/deploy/terraform/data.tf b/deploy/terraform/data.tf
@@ -0,0 +1,2 @@
+data "azurerm_client_config" "current" {
+}
diff --git a/deploy/terraform/keyvault-secret.tf b/deploy/terraform/keyvault-secret.tf
@@ -0,0 +1,5 @@
+resource "azurerm_key_vault_secret" "token" {
+  name         = "DISCORDTOKEN"
+  value        = var.discord_token
+  key_vault_id = azurerm_key_vault.kv.id
+}
diff --git a/deploy/terraform/keyvault.tf b/deploy/terraform/keyvault.tf
@@ -0,0 +1,9 @@
+resource "azurerm_key_vault" "kv" {
+  name                        = "kv-${var.app_name}-${var.environment}-${local.region}-${random_string.random.result}"
+  location                    = azurerm_resource_group.rg.location
+  sku_name                    = var.keyvault_sku_name
+  resource_group_name         = azurerm_resource_group.rg.name
+  enabled_for_deployment      = true
+  enabled_for_disk_encryption = true
+  tenant_id                   = data.azurerm_client_config.current.tenant_id
+}
diff --git a/deploy/terraform/locals.tf b/deploy/terraform/locals.tf
@@ -0,0 +1,3 @@
+locals {
+  region = module.region-abbreviation-mapping.az_region_abbr_map[var.location]
+}
diff --git a/deploy/terraform/modules.tf b/deploy/terraform/modules.tf
@@ -0,0 +1,3 @@
+module "region-abbreviation-mapping" {
+  source = "PartTimeLegend/region-abbreviation-mapping/azure"
+}
diff --git a/deploy/terraform/outputs.tf b/deploy/terraform/outputs.tf
@@ -0,0 +1,23 @@
+output "web_url" {
+  value = azurerm_linux_web_app.as.default_hostname
+}
+
+output "service_plan_name" {
+  value = azurerm_service_plan.sp.name
+}
+
+output "app_name" {
+  value = azurerm_linux_web_app.as.name
+}
+
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
+
+output "location" {
+  value = azurerm_resource_group.rg.location
+}
+
+output "environment" {
+  value = var.environment
+}
diff --git a/deploy/terraform/providers.tf b/deploy/terraform/providers.tf
@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}
diff --git a/deploy/terraform/random.tf b/deploy/terraform/random.tf
@@ -0,0 +1,4 @@
+resource "random_string" "random" {
+  length  = 3
+  special = false
+}
diff --git a/deploy/terraform/resource-group.tf b/deploy/terraform/resource-group.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "rg" {
+  name     = "rg-${var.app_name}-${var.environment}-${local.region}-${random_string.random.result}"
+  location = var.location
+}
diff --git a/deploy/terraform/service-plan.tf b/deploy/terraform/service-plan.tf
@@ -0,0 +1,7 @@
+resource "azurerm_service_plan" "sp" {
+  name                = "plan-${var.app_name}-${var.environment}-${local.region}-${random_string.random.result}"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  os_type             = var.os_type
+  sku_name            = var.app_service_sku_name
+}
diff --git a/deploy/terraform/variables.tf b/deploy/terraform/variables.tf
@@ -0,0 +1,43 @@
+variable "environment" {
+  type = string
+}
+
+variable "location" {
+  type    = string
+  default = "UK South"
+}
+
+variable "discord_token" {
+  type      = string
+  sensitive = true
+}
+
+variable "app_name" {
+  type    = string
+  default = "hammy"
+}
+
+variable "container" {
+  type    = string
+  default = "parttimelegend/hammy-mchamilton:latest"
+}
+
+variable "container_registry" {
+  type    = string
+  default = "https://ghcr.io"
+}
+
+variable "os_type" {
+  type    = string
+  default = "Linux"
+}
+
+variable "app_service_sku_name" {
+  type    = string
+  default = "P1v2"
+}
+
+variable "keyvault_sku_name" {
+  type    = string
+  default = "standard"
+}
diff --git a/deploy/terraform/web-app.tf b/deploy/terraform/web-app.tf
@@ -0,0 +1,18 @@
+resource "azurerm_linux_web_app" "as" {
+  name                = "app-${var.app_name}-${var.environment}-${local.region}-${random_string.random.result}"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  service_plan_id     = azurerm_service_plan.sp.id
+
+  site_config {
+    always_on = true
+    application_stack {
+      docker_image_name   = var.container
+      docker_registry_url = var.container_registry
+    }
+  }
+
+  app_settings = {
+    TOKEN = azurerm_key_vault_secret.token.value
+  }
+}