buildrun-tech · brunograna · Jun 2, 2024 · Jun 1, 2024 · Jun 2, 2024
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
@@ -0,0 +1,20 @@
+name: "DEV DEPLOY"
+
+on:
+  push:
+    branches:
+      - develop
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    with:
+      environment: dev
+      aws-assume-role-arn: "arn:aws:iam::{{ sua conta aws }}:role/{{ nome da role }}"
+      aws-region: "sa-east-1"
+      aws-statefile-s3-bucket: "{{ nome do bucket s3 }}"
+      aws-lock-dynamodb-table: "{{ nome da tabela do dynamodb }}"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,20 @@
+name: "PROD DEPLOY"
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    with:
+      environment: prod
+      aws-assume-role-arn: "arn:aws:iam::{{ sua conta aws }}:role/{{ nome da role }}"
+      aws-region: "sa-east-1"
+      aws-statefile-s3-bucket: "{{ nome do bucket s3 }}"
+      aws-lock-dynamodb-table: "{{ nome da tabela do dynamodb }}"
diff --git a/.github/workflows/terraform-dev.yml b/.github/workflows/terraform-dev.yml
diff --git a/.github/workflows/terraform-prod.yml b/.github/workflows/terraform-prod.yml
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -0,0 +1,81 @@
+name: "Terraform Workflow"
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: true
+      aws-assume-role-arn:
+        type: string
+        required: true
+      aws-region:
+        type: string
+        required: true
+      aws-statefile-s3-bucket:
+        type: string
+        required: true
+      aws-lock-dynamodb-table:
+        type: string
+        required: true
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.8.3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ inputs.aws-assume-role-arn }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: ${{ inputs.aws-region }}
+
+      - name: Read destroy configuration
+        id: read-destroy-config
+        run: |
+          DESTROY="$(jq -r '.${{ inputs.environment }}' ./infra/destroy_config.json)"
+          echo "destroy=$(echo $DESTROY)" >> $GITHUB_OUTPUT
+
+      - name: Terraform Init
+        run: |
+          cd infra && terraform init \
+            -backend-config="bucket=${{ inputs.aws-statefile-s3-bucket }}" \
+            -backend-config="key=${{ github.event.repository.name }}" \
+            -backend-config="region=${{ inputs.aws-region }}" \
+            -backend-config="dynamodb_table=${{ inputs.aws-lock-dynamodb-table }}"
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Destroy
+        if: steps.read-destroy-config.outputs.destroy == 'true'
+        id: terraform-destroy
+        run: cd infra &&
+          terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+          terraform destroy -var-file="./envs/${{ inputs.environment }}/terraform.tfvars" -auto-approve
+
+      - name: Terraform Plan
+        if: steps.read-destroy-config.outputs.destroy != 'true'
+        id: terraform-plan
+        run: cd infra &&
+          terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+          terraform plan -var-file="./envs/${{ inputs.environment }}/terraform.tfvars" -out="${{ inputs.environment }}.plan"
+
+      - name: Terraform Apply
+        if: steps.read-destroy-config.outputs.destroy != 'true'
+        id: terraform-apply
+        run: cd infra &&
+          terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+          terraform apply "${{ inputs.environment }}.plan"
diff --git a/infra/envs/dev/terraform.tfvars b/infra/envs/dev/terraform.tfvars
@@ -1 +1 @@
-bucket_name="dev-buildrun-pipeline-123-bucket"
+bucket_name="dev-sa-east-1-buildrun-video-pipeline"
diff --git a/infra/envs/prod/terraform.tfvars b/infra/envs/prod/terraform.tfvars
@@ -1 +1 @@
-bucket_name="prod-buildrun-pipeline-123-bucket"
+bucket_name="prod-sa-east-1-buildrun-video-pipeline"
diff --git a/infra/main.tf b/infra/main.tf
@@ -1,3 +1,3 @@
-resource "aws_s3_bucket" "myBucket" {
+resource "aws_s3_bucket" "bucket" {
   bucket = var.bucket_name
 }
diff --git a/infra/providers.tf → infra/provider.tf b/infra/providers.tf → infra/provider.tf
diff --git a/infra/variables.tf b/infra/variables.tf
@@ -1,3 +1,3 @@
 variable "bucket_name" {
-  nullable = false
+  type = string
 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		bucket_name="dev-buildrun-pipeline-123-bucket"
		bucket_name="dev-sa-east-1-buildrun-video-pipeline"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		bucket_name="prod-buildrun-pipeline-123-bucket"
		bucket_name="prod-sa-east-1-buildrun-video-pipeline"