diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..bc9bb29
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,111 @@
+name: Terraform CI/CD
+
+on:
+ push:
+ branches: [ main, develop ]
+ paths:
+ - 'environments/**'
+ - 'modules/**'
+ - '.github/workflows/terraform.yml'
+ pull_request:
+ branches: [ main ]
+ paths:
+ - 'environments/**'
+ - 'modules/**'
+ - '.github/workflows/terraform.yml'
+ workflow_dispatch:
+
+jobs:
+ terraform-validate:
+ name: Validate Terraform
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+
+ strategy:
+ matrix:
+ environment: [dev, prod]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.0
+
+ - name: Terraform Format Check
+ run: terraform fmt -check -recursive
+ continue-on-error: true
+
+ - name: Terraform Init
+ working-directory: environments/${{ matrix.environment }}
+ run: terraform init -backend=false
+
+ - name: Terraform Validate
+ working-directory: environments/${{ matrix.environment }}
+ run: terraform validate
+
+ terraform-plan:
+ name: Plan Terraform Changes
+ runs-on: ubuntu-latest
+ needs: terraform-validate
+ if: github.event_name == 'pull_request'
+
+ permissions:
+ contents: read
+ pull-requests: write
+
+ strategy:
+ matrix:
+ environment: [dev]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.0
+
+ - name: Terraform Init
+ working-directory: environments/${{ matrix.environment }}
+ run: terraform init -backend=false
+
+ - name: Terraform Plan
+ working-directory: environments/${{ matrix.environment }}
+ run: terraform plan -no-color
+
+ terraform-apply:
+ name: Apply Terraform Changes
+ runs-on: ubuntu-latest
+ needs: terraform-validate
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+ permissions:
+ contents: read
+
+ strategy:
+ matrix:
+ environment: [dev]
+ max-parallel: 1
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.0
+
+ - name: Terraform Init
+ working-directory: environments/${{ matrix.environment }}
+ run: terraform init -backend=false
+
+ - name: Terraform Apply
+ working-directory: environments/${{ matrix.environment }}
+ run: terraform apply -auto-approve
diff --git a/.gitignore b/.gitignore
index f0fe2c5..5451530 100644
--- a/.gitignore
+++ b/.gitignore
@@ -95,3 +95,17 @@ solana/ **/.env* solana/
+
+# Terraform
+**/.terraform/
+**/.terraform.lock.hcl
+**/terraform.tfstate
+**/terraform.tfstate.backup
+**/*.tfvars
+**/*.tfvars.json
+**/override.tf
+**/override.tf.json
+**/*_override.tf
+**/*_override.tf.json
+.terraformrc
+terraform.rc
diff --git a/environments/dev/backend.tf b/environments/dev/backend.tf
new file mode 100644
index 0000000..4fa5129
--- /dev/null
+++ b/environments/dev/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "my-terraform-state"
+ key = "dev/terraform.tfstate"
+ region = "eu-central-1"
+ dynamodb_table = "terraform-locks"
+ encrypt = true
+ }
+}
diff --git a/environments/dev/main.tf b/environments/dev/main.tf
new file mode 100644
index 0000000..dc9ec45
--- /dev/null
+++ b/environments/dev/main.tf
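Review bot: The terraform-apply job runs `terraform init -backend=false` immediately before `terraform apply -auto-approve`, so the S3 backend that environments/dev/backend.tf declares in this same commit is never configured, the state produced by the apply is written to the ephemeral runner's disk and discarded when the job ends, and the next push to main plans against empty state and tries to recreate everything (terraform-plan has the same `-backend=false` problem). No step configures AWS credentials and the job's permissions block grants only `contents: read`, with no `id-token: write` for OIDC, so as written the provider cannot authenticate at all. Suggest a real `terraform init -input=false` in the plan and apply jobs, an OIDC credential step whose role ARN comes from a repository secret (the `AWS_ROLE_TO_ASSUME` name below is a placeholder), and putting terraform-apply under a GitHub `environment:` with required reviewers so an unattended `-auto-approve` on push to main is gated by a human. The `pull-requests: write` grant in terraform-plan is used by no step and can be dropped to keep the token at least privilege.
```yaml
  terraform-apply:
    # … unchanged: name, runs-on, needs, if …
    environment: ${{ matrix.environment }}

    permissions:
      contents: read
      id-token: write
    # … unchanged: strategy, checkout and setup-terraform steps …
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          aws-region: eu-central-1

      - name: Terraform Init
        working-directory: environments/${{ matrix.environment }}
        run: terraform init -input=false
    # … unchanged: Terraform Apply step …
```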
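Review bot: Ignoring `**/.terraform.lock.hcl` keeps the provider dependency lock file out of version control, so with `version = "~> 5.0"` in environments/dev/main.tf every CI run resolves and downloads whichever hashicorp/aws 5.x release is newest and no recorded checksum is ever verified against it. HashiCorp's guidance is to commit the lock file; removing that one line and having CI run `terraform init -lockfile=readonly` makes an unreviewed provider upgrade fail the job instead of being installed silently. The `**/*.tfvars` and `**/*.tfvars.json` entries are a sensible default because those files commonly carry credentials.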
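Review bot: `bucket = "my-terraform-state"` reads as a placeholder, and S3 bucket names are globally unique, so an init pointed at a name the project does not own will either fail or, if the name is already claimed by a third party and the credentials allow it, write the state file — which carries resource IDs and any sensitive attribute values — into a bucket outside the team's control. Replace it with the project's actual state bucket before this backend is used, and consider `kms_key_id` alongside `encrypt = true` so the state object is protected by a customer-managed key with its own key policy rather than the default S3 key. The backend region `eu-central-1` differs from the `aws_region` default of `us-east-1` in variables.tf; that is legal, but a comment such as `# State bucket region is independent of var.aws_region` would stop it being "fixed" later.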
@@ -0,0 +1,73 @@
+terraform {
+ required_version = ">= 1.6.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+
+ default_tags {
+ tags = {
+ Environment = "dev"
+ Project = "SolVoid"
+ ManagedBy = "Terraform"
+ }
+ }
+}
+
+# Example resource - VPC
+resource "aws_vpc" "main" {
+ cidr_block = var.vpc_cidr
+ enable_dns_hostnames = true
+ enable_dns_support = true
+
+ tags = {
+ Name = "${var.project_name}-vpc-dev"
+ }
+}
+
+# Example resource - Subnet
+resource "aws_subnet" "public" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = var.public_subnet_cidr
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = "${var.project_name}-public-subnet-dev"
+ }
+}
+
+# Example resource - Internet Gateway
+resource "aws_internet_gateway" "main" {
+ vpc_id = aws_vpc.main.id
+
+ tags = {
+ Name = "${var.project_name}-igw-dev"
+ }
+}
+
+# Example resource - Route Table
+resource "aws_route_table" "public" {
+ vpc_id = aws_vpc.main.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.main.id
+ }
+
+ tags = {
+ Name = "${var.project_name}-public-rt-dev"
+ }
+}
+
+# Example resource - Route Table Association
+resource "aws_route_table_association" "public" {
+ subnet_id = aws_subnet.public.id
+ route_table_id = aws_route_table.public.id
+}
diff --git a/environments/dev/variables.tf b/environments/dev/variables.tf
new file mode 100644
index 0000000..a33b192
--- /dev/null
+++ b/environments/dev/variables.tf
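Review bot: Every tag and `Name` suffix in this file hard-codes "dev" (`Environment = "dev"` in the provider `default_tags`, and `-vpc-dev`, `-public-subnet-dev`, `-igw-dev`, `-public-rt-dev` on the resources) even though variables.tf in the same commit declares `var.environment` with that default, so the variable is dead and overriding it would silently mislabel resources. Using `var.environment` in both places keeps the tags, which are what cost reports and access policies key on, in step with the variable. Separately, the VPC is created with no `aws_flow_log` resource, so there is no network-level telemetry for this environment; flow logs to a CloudWatch log group or S3 bucket are the usual first detection control on a new VPC and are cheap to add while the file is still an example.
```hcl
provider "aws" {
  # … unchanged: region …
  default_tags {
    tags = {
      Environment = var.environment
      # … unchanged: Project, ManagedBy …
    }
  }
}

# … unchanged: resource bodies; only the Name tags change …
    Name = "${var.project_name}-vpc-${var.environment}"
    Name = "${var.project_name}-public-subnet-${var.environment}"
    Name = "${var.project_name}-igw-${var.environment}"
    Name = "${var.project_name}-public-rt-${var.environment}"
```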
@@ -0,0 +1,29 @@
+variable "aws_region" {
+ description = "AWS region for infrastructure deployment"
+ type = string
+ default = "us-east-1"
+}
+
+variable "project_name" {
+ description = "Project name for resource naming"
+ type = string
+ default = "solvoid"
+}
+
+variable "vpc_cidr" {
+ description = "CIDR block for VPC"
+ type = string
+ default = "10.0.0.0/16"
+}
+
+variable "public_subnet_cidr" {
+ description = "CIDR block for public subnet"
+ type = string
+ default = "10.0.1.0/24"
+}
+
+variable "environment" {
+ description = "Environment name"
+ type = string
+ default = "dev"
+}
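Review bot: `environment`, `vpc_cidr` and `public_subnet_cidr` accept any string, so a typo such as `environment = "prd"` or a malformed CIDR is only caught at apply time, after the provider has been contacted and possibly after some resources exist. The `required_version = ">= 1.6.0"` floor in main.tf supports `validation` blocks; constraining `environment` to the names the workflow matrix uses and checking the CIDRs with `can(cidrhost(...))` turns these into plan-time errors. Also, `aws_region` defaults to `us-east-1` while backend.tf pins state to `eu-central-1`; a sentence in the `description` saying the two are intentionally independent would save the next reader a question.
```hcl
variable "vpc_cidr" {
  description = "CIDR block for VPC"
  type        = string
  default     = "10.0.0.0/16"

  validation {
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block."
  }
}

# … unchanged: public_subnet_cidr (same validation pattern applies) …

variable "environment" {
  description = "Environment name"
  type        = string
  default     = "dev"

  validation {
    condition     = contains(["dev", "prod"], var.environment)
    error_message = "environment must be one of: dev, prod."
  }
}
```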