Merge pull request #2 from meatballhat/modernizing

Modernizing many things
4 years ago · 883213a3be
parent 1a1a670e10 21084e4f12
commit 883213a3be
6 changed files with 86 additions and 86 deletions
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@ -1,23 +1,18 @@
 name: terraform
-on: [push, pull_request]
+on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
 jobs:
  terraform:
    name: Terraform
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@master
+    - uses: actions/checkout@v2
-    - name: fmt
+    - uses: hashicorp/setup-terraform@v1
      uses: hashicorp/terraform-github-actions@master
      with:
-        tf_actions_version: 0.12.21
+        terraform_version: 0.13.0
-        tf_actions_subcommand: fmt
+    - run: terraform fmt -check -recursive
-    - name: init
+    - run: terraform init
-      uses: hashicorp/terraform-github-actions@master
+    - run: terraform validate
      with:
        tf_actions_version: 0.12.21
        tf_actions_subcommand: init
    - name: validate
      uses: hashicorp/terraform-github-actions@master
      with:
        tf_actions_version: 0.12.21
        tf_actions_subcommand: validate
--- a/.gitignore
+++ b/.gitignore
@ -1,29 +1,8 @@
 # Local .terraform directories
 **/.terraform/*
 # .tfstate files
 *.tfstate
 *.tfstate.*
-
+*_override.tf
-# Crash log files
+*_override.tf.json
 crash.log
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
 #
 # example.tfvars
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 #
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ This is a terraform module that provisions a
 ## Terraform versions
-This module is compatible with Terraform version `0.12+`.
+This module is compatible with Terraform version `0.13+`.
 ## Usage
@ -27,7 +27,7 @@ module "digitalocean_spoke" {
  cert_certificate = file("path/to/cert.crt")
  env = {
    AUTH0_CLIENT_ID            = "8570285697946a0cc03f8049b9309d7e"
-    AUTH0_CLIENT_SECRET        = "1194435d32479ef99ed51a0a5f244cd5"
+    AUTH0_CLIENT_SECRET        = "1194435d32479ab99ed51a0a5f244cd5"
    AUTH0_DOMAIN               = "example.auth0.com"
    EMAIL_FROM                 = "admin@example.org"
    EMAIL_HOST                 = "mail.example.org"
@ -48,21 +48,29 @@ module "digitalocean_spoke" {
 }
 ```
 ## Requirements
 | Name | Version |
 |------|---------|
 | terraform | >= 0.13 |
 | digitalocean | >= 1.22 |
 ## Providers
 | Name | Version |
 |------|---------|
-| digitalocean | >= 1.14 |
+| digitalocean | >= 1.22 |
 | null | n/a |
 | random | n/a |
 ## Inputs
 | Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
+|------|-------------|------|---------|:--------:|
 | base\_url | Fully qualified https URL of the app | `string` | n/a | yes |
 | cert\_certificate | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes |
 | cert\_private\_key | Certificate key to pass to nginx | `string` | n/a | yes |
 | droplet\_image | Image to use when provisioning app droplet | `string` | `"ubuntu-20-04-x64"` | no |
 | droplet\_size | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no |
 | env | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no |
 | node\_env | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no |
@ -71,7 +79,7 @@ module "digitalocean_spoke" {
 | region | Region in which all resources will be provisioned | `string` | `"nyc1"` | no |
 | resource\_prefix | Prefix prepended to resource names | `string` | `"spoke-"` | no |
 | server\_name | Server name used in nginx config | `string` | n/a | yes |
-| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v5.2"` | no |
+| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v8.0"` | no |
 | ssh\_keys | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes |
 ## Outputs
--- a/main.tf
+++ b/main.tf
@ -7,7 +7,7 @@
 *
 * ## Terraform versions
 *
- * This module is compatible with Terraform version `0.12+`.
+ * This module is compatible with Terraform version `0.13+`.
 *
 * ## Usage
 *
@ -28,7 +28,7 @@
 *   cert_certificate = file("path/to/cert.crt")
 *   env = {
 *     AUTH0_CLIENT_ID            = "8570285697946a0cc03f8049b9309d7e"
- *     AUTH0_CLIENT_SECRET        = "1194435d32479ef99ed51a0a5f244cd5"
+ *     AUTH0_CLIENT_SECRET        = "1194435d32479ab99ed51a0a5f244cd5"
 *     AUTH0_DOMAIN               = "example.auth0.com"
 *     EMAIL_FROM                 = "admin@example.org"
 *     EMAIL_HOST                 = "mail.example.org"
@ -52,91 +52,106 @@
 terraform {
  required_providers {
-    digitalocean = ">= 1.14"
+    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = ">= 1.22"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
  }
 }
-variable "server_name" {
+variable server_name {
  description = "Server name used in nginx config"
  type        = string
 }
-variable "base_url" {
+variable base_url {
  description = "Fully qualified https URL of the app"
  type        = string
 }
-variable "resource_prefix" {
+variable resource_prefix {
  description = "Prefix prepended to resource names"
  default     = "spoke-"
  type        = string
 }
-variable "node_options" {
+variable node_options {
  description = "Value defined at build time and run time as NODE_OPTIONS"
  default     = "--max_old_space_size=8192"
  type        = string
 }
-variable "node_env" {
+variable node_env {
  description = "Value defined at build time and run time as NODE_ENV"
  default     = "production"
  type        = string
 }
-variable "port" {
+variable port {
  description = "TCP port used to communicate between droplet and nginx"
  default     = "3000"
  type        = string
 }
-variable "droplet_size" {
+variable droplet_image {
  description = "Image to use when provisioning app droplet"
  default     = "ubuntu-20-04-x64"
  type        = string
 }
 variable droplet_size {
  description = "Size value passed when provisioning app droplet"
  default     = "s-1vcpu-1gb"
  type        = string
 }
-variable "region" {
+variable region {
  description = "Region in which all resources will be provisioned"
  default     = "nyc1"
  type        = string
 }
-variable "spoke_version" {
+variable spoke_version {
  description = "Git ref of MoveOnOrg/Spoke to deploy"
-  default     = "v5.2"
+  default     = "v8.0"
  type        = string
 }
-variable "ssh_keys" {
+variable ssh_keys {
  type        = list(string)
  description = "List of ssh public keys to pass to droplet provisioning"
 }
-variable "cert_private_key" {
+variable cert_private_key {
  description = "Certificate key to pass to nginx"
  type        = string
 }
-variable "cert_certificate" {
+variable cert_certificate {
  description = "Certificate with leaf and intermediates to pass to nginx"
  type        = string
 }
-variable "env" {
+variable env {
  description = "Arbitrary *additional* environment variables passed at build time and run time"
  default     = {}
  type        = map(string)
 }
-resource "digitalocean_ssh_key" "app" {
+resource digitalocean_ssh_key app {
  count      = length(var.ssh_keys)
  name       = "${var.resource_prefix}app-${count.index}"
  public_key = element(var.ssh_keys, count.index)
 }
-resource "digitalocean_droplet" "app" {
+resource digitalocean_droplet app {
-  image  = "ubuntu-18-04-x64"
+  image  = var.droplet_image
  name   = "${var.resource_prefix}app"
  region = var.region
  size   = var.droplet_size
@ -144,17 +159,17 @@ resource "digitalocean_droplet" "app" {
  ssh_keys = digitalocean_ssh_key.app[*].id
 }
-resource "digitalocean_floating_ip" "app" {
+resource digitalocean_floating_ip app {
  droplet_id = digitalocean_droplet.app.id
  region     = digitalocean_droplet.app.region
 }
-resource "digitalocean_firewall" "app" {
+resource digitalocean_firewall app {
  name = "pghdsa-spoke-app"
  droplet_ids = [digitalocean_droplet.app.id]
-  dynamic "inbound_rule" {
+  dynamic inbound_rule {
    for_each = ["22", "80", "443"]
    content {
      protocol         = "tcp"
@ -168,7 +183,7 @@ resource "digitalocean_firewall" "app" {
    source_addresses = ["0.0.0.0/0", "::/0"]
  }
-  dynamic "outbound_rule" {
+  dynamic outbound_rule {
    for_each = ["tcp", "udp"]
    content {
      protocol              = outbound_rule.value
@ -183,12 +198,12 @@ resource "digitalocean_firewall" "app" {
  }
 }
-resource "random_string" "session_secret" {
+resource random_string session_secret {
  length  = 199
  special = false
 }
-resource "random_string" "pg_password" {
+resource random_string pg_password {
  length = 31
 }
@ -216,7 +231,7 @@ locals {
  }, var.env)
 }
-resource "null_resource" "app_provision" {
+resource null_resource app_provision {
  triggers = {
    droplet_id            = digitalocean_droplet.app.id
    provision_script_sha1 = filesha1("${path.module}/spoke-app-provision")
@ -236,17 +251,17 @@ resource "null_resource" "app_provision" {
    host = digitalocean_droplet.app.ipv4_address
  }
-  provisioner "file" {
+  provisioner file {
    source      = "${path.module}/spoke-app-provision"
    destination = "/tmp/spoke-app-provision"
  }
-  provisioner "file" {
+  provisioner file {
    source      = "${path.module}/spoke-app-run"
    destination = "/tmp/spoke-app-run"
  }
-  provisioner "file" {
+  provisioner file {
    content = templatefile("${path.module}/nginx-sites-default.conf.tpl", {
      server_name = var.server_name,
      port        = var.port,
@ -254,32 +269,32 @@ resource "null_resource" "app_provision" {
    destination = "/tmp/nginx-sites-default.conf"
  }
-  provisioner "file" {
+  provisioner file {
    content     = var.cert_certificate
    destination = "/tmp/spoke.crt"
  }
-  provisioner "file" {
+  provisioner file {
    content     = var.cert_private_key
    destination = "/tmp/spoke.key"
  }
-  provisioner "file" {
+  provisioner file {
-    content = <<-ENV_TMPL
+    content = <<-ENVTMPL
 %{for key, value in local.env_map~}
 ${key}='${value}'
 %{endfor~}
-ENV_TMPL
+ENVTMPL
    destination = "/tmp/app.env"
  }
-  provisioner "file" {
+  provisioner file {
    source      = "${path.module}/spoke.service"
    destination = "/tmp/spoke.service"
  }
-  provisioner "remote-exec" {
+  provisioner remote-exec {
    inline = [
      "bash /tmp/spoke-app-provision system0",
      "sudo -H -u spoke bash /tmp/spoke-app-provision spoke0",
@ -288,22 +303,22 @@ ENV_TMPL
  }
 }
-output "droplet_urn" {
+output droplet_urn {
  description = "urn of the droplet suitable for adding to project resources"
  value       = digitalocean_droplet.app.urn
 }
-output "droplet_ipv4_address" {
+output droplet_ipv4_address {
  description = "ipv4 address of the droplet"
  value       = digitalocean_droplet.app.ipv4_address
 }
-output "floating_ip_address" {
+output floating_ip_address {
  description = "floating IP address assigned to the droplet suitable for creating a DNS A record"
  value       = digitalocean_floating_ip.app.ip_address
 }
-output "floating_ip_urn" {
+output floating_ip_urn {
  description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources"
  value       = digitalocean_floating_ip.app.urn
 }
--- a/2
+++ b/2
@ -116,7 +116,7 @@ _run_spoke0() {
  if ! command -v nvm; then
    curl -fsSL \
-      https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh | bash
+      https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
    set +o errexit
    set +o xtrace
    # shellcheck source=/dev/null
--- a/versions.tf
+++ b/versions.tf
@ -0,0 +1,3 @@
 terraform {
  required_version = ">= 0.13"
 }