ref: add default values for required variables & fixed EC2 security g…

…roup name issue
B3ns44d · Sep 16, 2024 · 8063638 · 8063638
1 parent 74bfae1
commit 8063638
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 42 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -13,53 +13,40 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v1
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.8.5"
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
 
       - name: Initialize Terraform
-        run: terraform init -upgrade
+        run: terraform init -backend-config="bucket=${{ secrets.S3_BUCKET }}" -backend-config="region=${{ secrets.AWS_DEFAULT_REGION }}"
         working-directory: infra/provisioning
 
       - name: Terraform Plan
         run: terraform plan -lock-timeout=600s -compact-warnings -out=plan.tfplan
         working-directory: infra/provisioning
-
-      - name: Upload Terraform Plan Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: terraform-plan
-          path: infra/provisioning/plan.tfplan
-
-  apply-terraform:
-    name: Apply Terraform Plan
-    runs-on: ubuntu-latest
-    needs: provision-infrastructure
-    environment: dev
-
-    steps:
-      - name: Checkout the repository
-        uses: actions/checkout@v2
-
-      - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v1
-
-      - name: Download Terraform Plan Artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: terraform-plan
+        env:
+          TF_VAR_key_pair: ${{ secrets.TF_VAR_KEY_PAIR }}
 
       - name: Apply Terraform Plan
         run: terraform apply "plan.tfplan"
         working-directory: infra/provisioning
 
       - name: Get EC2 instance public IP
         id: get_ip
-        run: echo "::set-output name=ec2_public_ip::$(terraform output -raw ec2_public_ip)"
+        run: echo "EC2_PUBLIC_IP=$(terraform output -raw ec2_public_ip)" >> $GITHUB_ENV
         working-directory: infra/provisioning
 
   deploy-stack:
     name: Deploy Monitoring Stack with Ansible
     runs-on: ubuntu-latest
-    needs: apply-terraform
+    needs: provision-infrastructure
 
     steps:
       - name: Checkout the repository
@@ -68,10 +55,17 @@ jobs:
       - name: Install Ansible
         run: sudo apt-get install -y ansible
 
+      - name: Create SSH Key File
+        run: |
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ssh_key.pem
+          chmod 600 ssh_key.pem
+        working-directory: infra/deployment
+
       - name: Create Ansible inventory
         run: |
           echo "[gbfs]" > inventory.ini
-          echo "gbfs-instance ansible_host=${{ steps.get_ip.outputs.ec2_public_ip }} ansible_user=ec2-user ansible_ssh_private_key_file=${{ secrets.SSH_PRIVATE_KEY }} ansible_ssh_common_args='-o StrictHostKeyChecking=no'" >> inventory.ini
+          echo "gbfs-instance ansible_host=${{ env.EC2_PUBLIC_IP }} ansible_user=ec2-user ansible_ssh_private_key_file=ssh_key.pem ansible_ssh_common_args='-o StrictHostKeyChecking=no'" >> inventory.ini
+        working-directory: infra/deployment
 
       - name: Deploy GBFS Monitoring Stack
         run: ansible-playbook playbooks/gbfs.yaml -i inventory.ini

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,8 @@ on:
   push:
     branches:
       - master
-      - main
+    paths:
+      - 'exporter/**'
   release:
     types: [published]
 

diff --git a/infra/provisioning/00-inputs.tf b/infra/provisioning/00-inputs.tf
@@ -1,40 +1,42 @@
 variable "region" {
   description = "AWS region"
+  default     = "eu-north-1"
   type        = string
 }
 
 variable "bucket" {
   description = "S3 bucket name to store Terraform state"
-  type        = string
-}
-
-variable "key" {
-  description = "Path to store Terraform state within the S3 bucket"
+  default     = "gbfs-terraform-state"
   type        = string
 }
 
 variable "vpc_cidr_block" {
   description = "CIDR block for the VPC"
+  default     = "10.0.0.0/16"
   type        = string
 }
 
 variable "subnet_cidr_block" {
   description = "CIDR block for the subnet"
+  default     = "10.0.1.0/24"
   type        = string
 }
 
 variable "env_name" {
   description = "Environment name (e.g., dev, prod)"
+  default     = "dev"
   type        = string
 }
 
 variable "ami_id" {
   description = "AMI ID for EC2 instance"
+  default     = "ami-0c6da69dd16f45f72"
   type        = string
 }
 
 variable "instance_type" {
   description = "EC2 instance type"
+  default     = "t3.micro"
   type        = string
 }
 

diff --git a/infra/provisioning/02-providers.tf b/infra/provisioning/02-providers.tf
@@ -5,7 +5,7 @@ provider "aws" {
 terraform {
   backend "s3" {
     bucket = var.bucket
-    key    = var.key
+    key    = "terraform.tfstate"
     region = var.region
   }
 }
diff --git a/infra/provisioning/03-modules.tf b/infra/provisioning/03-modules.tf
@@ -16,7 +16,7 @@ module "ec2" {
   ami_id            = var.ami_id
   instance_type     = var.instance_type
   subnet_id         = module.network.subnet_id
-  security_group_id = module.security_group.security_group_id
+  security_group_name = module.security_group.security_group_name
   key_pair          = var.key_pair
   env_name          = var.env_name
   depends_on        = [

diff --git a/infra/provisioning/modules/ec2/01-inputs.tf b/infra/provisioning/modules/ec2/01-inputs.tf
@@ -13,8 +13,8 @@ variable "subnet_id" {
   type        = string
 }
 
-variable "security_group_id" {
-  description = "ID of the security group"
+variable "security_group_name" {
+  description = "Name of the security group"
   type        = string
 }
 

diff --git a/infra/provisioning/modules/ec2/02-instance.tf b/infra/provisioning/modules/ec2/02-instance.tf
@@ -1,9 +1,14 @@
 resource "aws_instance" "gbfs_monitoring" {
+  lifecycle {
+    ignore_changes = [
+      security_groups
+    ]
+  }
   ami                         = var.ami_id
   instance_type               = var.instance_type
   subnet_id                   = var.subnet_id
   key_name                    = var.key_pair
-  security_groups             = [var.security_group_id]
+  security_groups             = [var.security_group_name]
   associate_public_ip_address = true
   tags = {
     Name = "${var.env_name}-gbfs-monitoring-instance"

diff --git a/infra/provisioning/modules/security_group/03-outputs.tf b/infra/provisioning/modules/security_group/03-outputs.tf
@@ -1,3 +1,3 @@
-output "security_group_id" {
-  value = aws_security_group.main.id
+output "security_group_name" {
+  value = aws_security_group.main.name
 }