terraform (#983)

* terraform

* format

* config missing

* fix env name

* read namespace

* temp env

* use new tunnel hostname

* remove cloudflare tunnel from deployment.tf

* switch hosts

* set default env

---------

Co-authored-by: bread <[email protected]>

Author: AnatoleAM

.env.production

@@ -1,7 +1,6 @@
 NODE_ENV=production
 VITE_APP_TITLE="7TV"
 VITE_APP_API_GQL="https://7tv.io/v3/gql"
-VITE_APP_API_GQL_WS="wss://7tv.io/v3/gql"
 VITE_APP_API_EVENTS="wss://events.7tv.io/v3"
 VITE_APP_API_REST="https://7tv.io/v3"
 VITE_APP_API_EGVAULT="https://egvault.7tv.io"

.env.staging

@@ -1,11 +1,10 @@
 NODE_ENV=production
 VITE_APP_ENV=stage
 VITE_APP_TITLE="7TV (Stage)"
-VITE_APP_API_GQL="https://stage.7tv.io/v3/gql"
-VITE_APP_API_GQL_WS="wss://stage.7tv.io/v3/gql"
-VITE_APP_API_EVENTS="wss://events.stage.7tv.io/v3"
-VITE_APP_API_REST="https://stage.7tv.io/v3"
-VITE_APP_API_EGVAULT="https://egvault.stage.7tv.io"
+VITE_APP_API_GQL="https://7tv.foo/v3/gql"
+VITE_APP_API_EVENTS="wss://events.7tv.foo/v3"
+VITE_APP_API_REST="https://7tv.foo/v3"
+VITE_APP_API_EGVAULT="https://egvault.7tv.foo"
 VITE_APP_OLD="https://old.7tv.dev"
 VITE_APP_FA_PRO=true
 VITE_APP_LOCALES=en_US,da_DK,de_DE,hu_HU,fr_FR,ko_KR,en_PT,pt_BR,es_ES,es_419,ru_RU,sv_SE

.github/workflows/ci.yaml

@@ -13,27 +13,26 @@ on:
             - labeled
     workflow_dispatch:
         inputs:
-            deploy:
-                description: "Deploy location"
-                required: true
-                default: "none"
-                type: choice
-                options:
-                    - production
-                    - staging
-                    - none
+          deploy:
+            description: "Which environment to deploy to"
+            required: true
+            default: "none"
+            type: choice
+            options:
+              - prod
+              - test
 
 concurrency:
     group: ${{ github.workflow }}-${{ github.ref }}
     cancel-in-progress: true
 
+env:
+    DEPLOY: ${{ (inputs.deploy != 'none' && inputs.deploy) || ((github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'prod') || (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'master') && 'prod') || ((github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'stage') || (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'dev') || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'staged')) && 'test') || 'none' }}
+
 jobs:
     ci:
         name: Website Lint, Build, Test, Deploy
         runs-on: aws-runner
-        env:
-            DEPLOY_PROD: ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'production') || (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'master') }}
-            DEPLOY_STAGE: ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'staging') || (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'dev') || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'staged')) }}
         concurrency:
             group: ${{ github.workflow }}-ci-${{ github.ref }}
             cancel-in-progress: true
@@ -89,62 +88,158 @@ jobs:
               run: make lint
 
             - name: Build App
-              run: make ${{ (env.DEPLOY_PROD == 'true' && 'prod') || 'stage' }}
-
-            - name: Configure AWS credentials
-              uses: aws-actions/configure-aws-credentials@v1
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
-              with:
-                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-                  aws-region: ${{ secrets.AWS_REGION }}
-
-            - name: Login to Amazon ECR
-              id: login-ecr
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
-              uses: aws-actions/amazon-ecr-login@v1
+              run: make ${{ env.DEPLOY != 'none' && env.DEPLOY || 'stage' }}
 
             - name: Make build context
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
+              if: env.DEPLOY != 'none'
               run: |
                   docker context create builders
 
             - name: Setup buildx
               uses: docker/setup-buildx-action@v2
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
+              if: env.DEPLOY != 'none'
               with:
                   install: true
                   endpoint: builders
 
+            - name: Login to GitHub Container Registry
+              uses: docker/login-action@v2
+              if: env.DEPLOY != 'none'
+              with:
+                  registry: ghcr.io
+                  username: ${{ github.actor }}
+                  password: ${{ github.token }}
+
             - name: Build docker image
-              uses: docker/build-push-action@v3
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
+              uses: docker/build-push-action@v4
+              if: env.DEPLOY != 'none'
               with:
                   context: .
                   file: docker/partial.Dockerfile
                   tags: |
-                      ${{ steps.login-ecr.outputs.registry }}/${{ (env.DEPLOY_PROD == 'true' && '7tv') || '7tv-stage' }}/website:latest
-                      ${{ steps.login-ecr.outputs.registry }}/${{ (env.DEPLOY_PROD == 'true' && '7tv') || '7tv-stage' }}/website:${{ github.sha }}
+                      ghcr.io/seventv/website:${{ env.DEPLOY }}-${{ github.sha }}
+                      ghcr.io/seventv/website:${{ env.DEPLOY }}-latest
                   push: true
 
-            - name: Update deployment template
-              uses: danielr1996/[email protected]
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
-              env:
-                  IMAGE: ${{ steps.login-ecr.outputs.registry }}/${{ (env.DEPLOY_PROD == 'true' && '7tv') || '7tv-stage' }}/website:${{ github.sha }}
-              with:
-                  input: k8s/${{ (env.DEPLOY_PROD == 'true' && 'production') || 'staging' }}.template.yaml
-                  output: k8s/deploy.yaml
+    validate:
+        name: API Deploy Validation
+        needs: ci
+        runs-on: ubuntu-latest
+        permissions:
+            pull-requests: write
+        defaults:
+            run:
+                working-directory: ./terraform
 
-            - name: Setup Kubectl
-              uses: azure/[email protected]
+        steps:
+            - name: Checkout code
+              id: ok
+              if: env.DEPLOY != 'none'
+              uses: actions/checkout@v3
+
+            - name: "Setup Terraform"
+              if: steps.ok.outcome == 'success'
+              uses: hashicorp/setup-terraform@v1
+              with:
+                  cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
-            - name: Deploy to k8s
-              if: ${{ env.DEPLOY_PROD == 'true' || env.DEPLOY_STAGE == 'true' }}
+            - name: "Terraform Init"
+              if: steps.ok.outcome == 'success'
+              id: init
               env:
-                  KUBE_CONFIG_DATA: ${{ (env.DEPLOY_PROD == 'true' && secrets.KUBECONFIG) || secrets.KUBECONFIG_STAGE }}
+                  TF_WORKSPACE: ${{ env.DEPLOY }}
+              run: terraform init
+              continue-on-error: true
+
+            - name: "Terraform Workspace"
+              if: steps.ok.outcome == 'success'
+              run: terraform workspace select -or-create=true ${{ env.DEPLOY }}
+
+            - name: Terraform fmt
+              if: steps.ok.outcome == 'success'
+              id: fmt
+              run: terraform fmt -check
+              continue-on-error: true
+
+            - name: Terraform Validate
+              if: steps.ok.outcome == 'success'
+              id: validate
+              run: terraform validate -no-color
+
+            - name: Terraform Variables
+              if: steps.ok.outcome == 'success'
               run: |
-                  mkdir -p ~/.kube
-                  (echo $KUBE_CONFIG_DATA | base64 -d) >> ~/.kube/config
+                  cat <<EOF > *.auto.tfvars
+                    image_url="ghcr.io/seventv/website:${{ env.DEPLOY }}-${{ github.sha }}"
+                    image_pull_policy="IfNotPresent"
 
-                  kubectl apply -f k8s/deploy.yaml
+                  EOF
+
+            - name: "Terraform Plan"
+              if: steps.ok.outcome == 'success'
+              id: plan
+              run: terraform plan -no-color
+
+            - uses: actions/github-script@v6
+              if: steps.ok.outcome == 'success' && github.event_name == 'pull_request'
+              env:
+                  PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+              with:
+                  github-token: ${{ secrets.GITHUB_TOKEN }}
+                  script: |
+                      // 1. Retrieve existing bot comments for the PR
+                      const { data: comments } = await github.rest.issues.listComments({
+                        owner: context.repo.owner,
+                        repo: context.repo.repo,
+                        issue_number: context.issue.number,
+                      })
+                      const botComment = comments.find(comment => {
+                        return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+                      })
+
+                      // 2. Prepare format of the comment
+                      const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+                      #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+                      #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+                      <details><summary>Validation Output</summary>
+
+                      \`\`\`\n
+                      ${{ steps.validate.outputs.stdout }}
+                      \`\`\`
+
+                      </details>
+
+                      #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+                      <details><summary>Show Plan</summary>
+
+                      \`\`\`\n
+                      ${process.env.PLAN}
+                      \`\`\`
+
+                      </details>
+
+                      *Actor: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+                      // 3. If we have a comment, update it, otherwise create a new one
+                      if (botComment) {
+                        github.rest.issues.updateComment({
+                          owner: context.repo.owner,
+                          repo: context.repo.repo,
+                          comment_id: botComment.id,
+                          body: output
+                        })
+                      } else {
+                        github.rest.issues.createComment({
+                          issue_number: context.issue.number,
+                          owner: context.repo.owner,
+                          repo: context.repo.repo,
+                          body: output
+                        })
+                      }
+
+            - name: "Terraform Apply"
+              if: steps.ok.outcome == 'success'
+              id: apply
+              run: terraform apply -no-color -auto-approve
+              continue-on-error: true

.gitignore

@@ -92,3 +92,17 @@ sw.*
 
 /server/out
 stats.html
+
+# Terraform local state files
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+*.tfplan
+crash.log
+*.tfvars
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraformrc
+terraform.rc

.vscode/settings.json

@@ -2,5 +2,8 @@
 	"editor.formatOnSave": true,
 	"javascript.preferences.importModuleSpecifier": "project-relative",
 	"javascript.preferences.quoteStyle": "double",
-	"editor.defaultFormatter": "esbenp.prettier-vscode"
+	"editor.defaultFormatter": "esbenp.prettier-vscode",
+	"[terraform]": {
+		"editor.defaultFormatter": "hashicorp.terraform"
+	}
 }

Makefile

@@ -25,3 +25,9 @@ deps:
 dev_deps:
 	yarn
 	$(MAKE) -C server dev_deps
+
+terraform:
+	terraform -chdir=./terraform init
+
+deploy:
+	terraform -chdir=./terraform apply -auto-approve

docker/full.Dockerfile

@@ -1,9 +1,14 @@
 FROM node:18 as node-builder
 	WORKDIR /tmp/build
+	ARG FA_TOKEN="<none>"
+	ENV FA_TOKEN=${FA_TOKEN}
 
 	COPY package.json .
 	COPY yarn.lock .
 
+	RUN npm config set "@fortawesome:registry" https://npm.fontawesome.com/
+	RUN npm config set '//npm.fontawesome.com/:_authToken' $(echo ${FA_TOKEN})
+
 	RUN yarn && apt-get update && \
         apt-get install -y \
             make && \
@@ -12,7 +17,6 @@ FROM node:18 as node-builder
         rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
 
 	COPY . .
-
 	ARG MODE=production
 
 	RUN make ${MODE}

terraform/.terraform.lock.hcl

@@ -0,0 +1,3 @@
+GQL_API_URL: ${gql_api_url}
+WEBSITE_URL: ${website_url}
+WEBSITE_BIND: "0.0.0.0:3000"