Modernizing many things

- use hashicorp/setup-terraform action
- bump terraform requirement to 0.13
- bump digitalocean provider requirement to 1.22
- bump to latest nvm
- remove a bunch of unnecessary quotes
main
Dan Buch 4 years ago
parent 1a1a670e10
commit afde778e29
Signed by: meatballhat
GPG Key ID: 9685130D8B763EA7

@ -1,23 +1,18 @@
name: terraform
on: [push, pull_request]
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
terraform:
name: Terraform
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: fmt
uses: hashicorp/terraform-github-actions@master
- uses: actions/checkout@v2
- uses: hashicorp/setup-terraform@v1
with:
tf_actions_version: 0.12.21
tf_actions_subcommand: fmt
- name: init
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.21
tf_actions_subcommand: init
- name: validate
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.21
tf_actions_subcommand: validate
terraform_version: 0.13.0
- run: terraform fmt -check -recursive
- run: terraform init
- run: terraform validate

25
.gitignore vendored

@ -1,29 +1,8 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
*_override.tf
*_override.tf.json
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

@ -6,7 +6,7 @@ This is a terraform module that provisions a
## Terraform versions
This module is compatible with Terraform version `0.12+`.
This module is compatible with Terraform version `0.13+`.
## Usage
@ -48,21 +48,28 @@ module "digitalocean_spoke" {
}
```
## Requirements
| Name | Version |
|------|---------|
| digitalocean | >= 1.22 |
## Providers
| Name | Version |
|------|---------|
| digitalocean | >= 1.14 |
| digitalocean | >= 1.22 |
| null | n/a |
| random | n/a |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:|
|------|-------------|------|---------|:--------:|
| base\_url | Fully qualified https URL of the app | `string` | n/a | yes |
| cert\_certificate | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes |
| cert\_private\_key | Certificate key to pass to nginx | `string` | n/a | yes |
| droplet\_image | Image to use when provisioning app droplet | `string` | `"ubuntu-20-04-x64"` | no |
| droplet\_size | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no |
| env | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no |
| node\_env | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no |
@ -71,7 +78,7 @@ module "digitalocean_spoke" {
| region | Region in which all resources will be provisioned | `string` | `"nyc1"` | no |
| resource\_prefix | Prefix prepended to resource names | `string` | `"spoke-"` | no |
| server\_name | Server name used in nginx config | `string` | n/a | yes |
| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v5.2"` | no |
| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v8.0"` | no |
| ssh\_keys | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes |
## Outputs

@ -7,7 +7,7 @@
*
* ## Terraform versions
*
* This module is compatible with Terraform version `0.12+`.
* This module is compatible with Terraform version `0.13+`.
*
* ## Usage
*
@ -52,91 +52,97 @@
terraform {
required_providers {
digitalocean = ">= 1.14"
digitalocean = ">= 1.22"
}
}
variable "server_name" {
variable server_name {
description = "Server name used in nginx config"
type = string
}
variable "base_url" {
variable base_url {
description = "Fully qualified https URL of the app"
type = string
}
variable "resource_prefix" {
variable resource_prefix {
description = "Prefix prepended to resource names"
default = "spoke-"
type = string
}
variable "node_options" {
variable node_options {
description = "Value defined at build time and run time as NODE_OPTIONS"
default = "--max_old_space_size=8192"
type = string
}
variable "node_env" {
variable node_env {
description = "Value defined at build time and run time as NODE_ENV"
default = "production"
type = string
}
variable "port" {
variable port {
description = "TCP port used to communicate between droplet and nginx"
default = "3000"
type = string
}
variable "droplet_size" {
variable droplet_image {
description = "Image to use when provisioning app droplet"
default = "ubuntu-20-04-x64"
type = string
}
variable droplet_size {
description = "Size value passed when provisioning app droplet"
default = "s-1vcpu-1gb"
type = string
}
variable "region" {
variable region {
description = "Region in which all resources will be provisioned"
default = "nyc1"
type = string
}
variable "spoke_version" {
variable spoke_version {
description = "Git ref of MoveOnOrg/Spoke to deploy"
default = "v5.2"
default = "v8.0"
type = string
}
variable "ssh_keys" {
variable ssh_keys {
type = list(string)
description = "List of ssh public keys to pass to droplet provisioning"
}
variable "cert_private_key" {
variable cert_private_key {
description = "Certificate key to pass to nginx"
type = string
}
variable "cert_certificate" {
variable cert_certificate {
description = "Certificate with leaf and intermediates to pass to nginx"
type = string
}
variable "env" {
variable env {
description = "Arbitrary *additional* environment variables passed at build time and run time"
default = {}
type = map(string)
}
resource "digitalocean_ssh_key" "app" {
resource digitalocean_ssh_key app {
count = length(var.ssh_keys)
name = "${var.resource_prefix}app-${count.index}"
public_key = element(var.ssh_keys, count.index)
}
resource "digitalocean_droplet" "app" {
image = "ubuntu-18-04-x64"
resource digitalocean_droplet app {
image = var.droplet_image
name = "${var.resource_prefix}app"
region = var.region
size = var.droplet_size
@ -144,17 +150,17 @@ resource "digitalocean_droplet" "app" {
ssh_keys = digitalocean_ssh_key.app[*].id
}
resource "digitalocean_floating_ip" "app" {
resource digitalocean_floating_ip app {
droplet_id = digitalocean_droplet.app.id
region = digitalocean_droplet.app.region
}
resource "digitalocean_firewall" "app" {
resource digitalocean_firewall app {
name = "pghdsa-spoke-app"
droplet_ids = [digitalocean_droplet.app.id]
dynamic "inbound_rule" {
dynamic inbound_rule {
for_each = ["22", "80", "443"]
content {
protocol = "tcp"
@ -168,7 +174,7 @@ resource "digitalocean_firewall" "app" {
source_addresses = ["0.0.0.0/0", "::/0"]
}
dynamic "outbound_rule" {
dynamic outbound_rule {
for_each = ["tcp", "udp"]
content {
protocol = outbound_rule.value
@ -183,12 +189,12 @@ resource "digitalocean_firewall" "app" {
}
}
resource "random_string" "session_secret" {
resource random_string session_secret {
length = 199
special = false
}
resource "random_string" "pg_password" {
resource random_string pg_password {
length = 31
}
@ -216,7 +222,7 @@ locals {
}, var.env)
}
resource "null_resource" "app_provision" {
resource null_resource app_provision {
triggers = {
droplet_id = digitalocean_droplet.app.id
provision_script_sha1 = filesha1("${path.module}/spoke-app-provision")
@ -236,17 +242,17 @@ resource "null_resource" "app_provision" {
host = digitalocean_droplet.app.ipv4_address
}
provisioner "file" {
provisioner file {
source = "${path.module}/spoke-app-provision"
destination = "/tmp/spoke-app-provision"
}
provisioner "file" {
provisioner file {
source = "${path.module}/spoke-app-run"
destination = "/tmp/spoke-app-run"
}
provisioner "file" {
provisioner file {
content = templatefile("${path.module}/nginx-sites-default.conf.tpl", {
server_name = var.server_name,
port = var.port,
@ -254,32 +260,32 @@ resource "null_resource" "app_provision" {
destination = "/tmp/nginx-sites-default.conf"
}
provisioner "file" {
provisioner file {
content = var.cert_certificate
destination = "/tmp/spoke.crt"
}
provisioner "file" {
provisioner file {
content = var.cert_private_key
destination = "/tmp/spoke.key"
}
provisioner "file" {
content = <<-ENV_TMPL
provisioner file {
content = <<-ENVTMPL
%{for key, value in local.env_map~}
${key}='${value}'
%{endfor~}
ENV_TMPL
ENVTMPL
destination = "/tmp/app.env"
}
provisioner "file" {
provisioner file {
source = "${path.module}/spoke.service"
destination = "/tmp/spoke.service"
}
provisioner "remote-exec" {
provisioner remote-exec {
inline = [
"bash /tmp/spoke-app-provision system0",
"sudo -H -u spoke bash /tmp/spoke-app-provision spoke0",
@ -288,22 +294,22 @@ ENV_TMPL
}
}
output "droplet_urn" {
output droplet_urn {
description = "urn of the droplet suitable for adding to project resources"
value = digitalocean_droplet.app.urn
}
output "droplet_ipv4_address" {
output droplet_ipv4_address {
description = "ipv4 address of the droplet"
value = digitalocean_droplet.app.ipv4_address
}
output "floating_ip_address" {
output floating_ip_address {
description = "floating IP address assigned to the droplet suitable for creating a DNS A record"
value = digitalocean_floating_ip.app.ip_address
}
output "floating_ip_urn" {
output floating_ip_urn {
description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources"
value = digitalocean_floating_ip.app.urn
}

@ -116,7 +116,7 @@ _run_spoke0() {
if ! command -v nvm; then
curl -fsSL \
https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh | bash
https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
set +o errexit
set +o xtrace
# shellcheck source=/dev/null

Loading…
Cancel
Save