Merge pull request #2 from Heider1988/develop

Develop

Author: Heider1988

.github/workflows/developer.yml

@@ -0,0 +1,20 @@
+name: "DEV DEPLOY"
+
+on:
+  push:
+    branches:
+      - develop
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    with:
+      enviroment: dev
+      aws-assume-role-arn: "arn:aws:iam::243637693710:role/github-actions-heideroliveira-pipeline"
+      aws-region: "sa-east-1"
+      aws-statefile-s3-bucket: "heider1988-sa-east-1-terraform-statefile"
+      aws-lock-dynamodb-table: "heider1988-sa-east-1-terraform-lock"

.github/workflows/main.yml

@@ -0,0 +1,20 @@
+name: "PROD DEPLOY"
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    with:
+      enviroment: prod
+      aws-assume-role-arn: "arn:aws:iam::243637693710:role/github-actions-heideroliveira-pipeline"
+      aws-region: "sa-east-1"
+      aws-statefile-s3-bucket: "heider1988-sa-east-1-terraform-statefile"
+      aws-lock-dynamodb-table: "heider1988-sa-east-1-terraform-lock"

.github/workflows/terraform.yml

@@ -0,0 +1,74 @@
+name: "Terraform Workflow"
+
+on:
+  workflow_call:
+    inputs:
+      enviroment:
+        type: string
+        required: true
+      aws-assume-role-arn:
+        type: string
+        required: true
+      aws-region:
+        type: string
+        required: true
+      aws-statefile-s3-bucket:
+        type: string
+        required: true
+      aws-lock-dynamodb-table:
+        type: string
+        required: true
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.8.3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ inputs.aws-assume-role-arn}}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: ${{ inputs.aws-region}}
+
+      - name: Terraform Init
+        run: |
+          cd infra && terraform init \
+            -backend-config="bucket=${{inputs.aws-statefile-s3-bucket}}" \
+            -backend-config="key=${{github.event.repository.name}}" \
+            -backend-config="region=${{inputs.aws-region}}" \
+            -backend-config="dynamodb_table=${{inputs.aws-lock-dynamodb-table}}"
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Plan
+        id: terraform-plan
+        run: cd infra &&
+          terraform workspace select ${{inputs.enviroment}} || terraform workspace new ${{inputs.enviroment}} &&
+          terraform plan -var-file="./envs/${{inputs.enviroment}}/terraform.tfvars" -out="${{inputs.enviroment}}.plan"
+
+      - name: Terraform Apply
+        id: terraform-apply
+        run: cd infra &&
+          terraform workspace select ${{inputs.enviroment}} || terraform workspace new ${{inputs.enviroment}} &&
+          terraform apply "${{inputs.enviroment}}.plan"
+
+
+
+
+
+
+
+

.gitignore

@@ -31,3 +31,6 @@ build/
 
 ### VS Code ###
 .vscode/
+
+### terraform ###
+.terraform

infra/main.tf

@@ -1,3 +1,9 @@
 resource "aws_s3_bucket" "bucket" {
-  bucket = var.bucket_name
-}
+  bucket = "${var.bucket_name}-${random_string.bucket_suffix.result}"
+}
+
+resource "random_string" "bucket_suffix" {
+  length  = 8
+  special = false
+  upper   = false
+}