feat: modular terraform aligning to best practices (#148)

* feat: modular terraform aligning to best practices

* fix: module versions

* fix: deployer

* fix

* fix

* fix: vars

* more fixes

* fix: vars

* some more fixes

* fix db cluster name var

* hanlde plan failure when cluster is blank

* trying to see if the fix branch works

* upgrade common modules

* fix: api cpu

* comment until fixed

* fix: tags

* fix provider for waf

* fix: provider

* adding provider to tg

* fix: provider

* Update infra/variables.tf

Co-authored-by: Copilot <[email protected]>

* Update infra/variables.tf

Co-authored-by: Copilot <[email protected]>

* Update .github/workflows/.deployer.yml

Co-authored-by: Copilot <[email protected]>

* Update infra/modules/api/main.tf

Co-authored-by: Copilot <[email protected]>

* Update terragrunt/terragrunt.hcl

Co-authored-by: Copilot <[email protected]>

* fix: env var

* fix: the outputs

* fix: output in root module

---------

Co-authored-by: Copilot <[email protected]>

Author: mishraomp

.github/workflows/.deploy_stack.yml

@@ -90,46 +90,23 @@ jobs:
     name: Stack Prefix
     needs: ecr
     uses: ./.github/workflows/.stack-prefix.yml
-  deploy-db:
-    name: Deploys Database
+  deploy:
+    name: Deploys
     needs: [stack-prefix]
     uses: ./.github/workflows/.deployer.yml
     with:
       environment_name: ${{ inputs.environment_name }}
       command: ${{ inputs.command }}
-      working_directory: database
       app_env: ${{ inputs.app_env }}
       stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
-    secrets: inherit
-  deploy-api:
-    name: Deploys API
-    needs: [deploy-db, stack-prefix]
-    uses: ./.github/workflows/.deployer.yml
-    with:
-      environment_name: ${{ inputs.environment_name }}
-      command: ${{ inputs.command }}
       tag: ${{ inputs.tag }}
-      app_env: ${{ inputs.app_env }}
-      working_directory: api
-      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
-    secrets: inherit
-  deploy-cloudfront:
-    name: Deploys Cloudfront
-    needs: [stack-prefix]
-    uses: ./.github/workflows/.deployer.yml
-    with:
-      environment_name: ${{ inputs.environment_name }}
-      command: ${{ inputs.command }}
-      tag: ${{ inputs.tag }}
-      app_env: ${{ inputs.app_env }}
-      working_directory: frontend
-      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
     secrets: inherit
+  
   build-ui:
     name: Build And upload UI to s3 ${{ inputs.environment_name }}
     environment: ${{ inputs.environment_name }}
     if: (inputs.command == 'apply')
-    needs: [deploy-api, deploy-cloudfront]
+    needs: [deploy]
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
@@ -149,9 +126,9 @@ jobs:
       - name: Build And Update UI (CF)
         working-directory: frontend
         env:
-          VITE_API_BASE_URL: ${{ needs.deploy-api.outputs.API_GW_URL }}/api
-          S3_BUCKET_ARN: ${{ needs.deploy-cloudfront.outputs.S3_BUCKET_ARN }}
-          CF_DISTRIBUTION_ID: ${{ needs.deploy-cloudfront.outputs.CF_DISTRIBUTION_ID }}
+          VITE_API_BASE_URL: ${{ needs.deploy.outputs.API_GW_URL }}/api
+          S3_BUCKET_ARN: ${{ needs.deploy.outputs.S3_BUCKET_ARN }}
+          CF_DISTRIBUTION_ID: ${{ needs.deploy.outputs.CF_DISTRIBUTION_ID }}
         run: |
           npm run deploy
           aws s3 sync --delete ./dist s3://$(echo "$S3_BUCKET_ARN" | cut -d: -f6)

.github/workflows/.deployer.yml

@@ -14,11 +14,7 @@ on:
         required: true
         default: 'apply'
         type: string
-      working_directory:
-        description: 'The working directory to run the command in'
-        required: true
-        default: 'database'
-        type: string
+
       tag:
         description: 'The tag of the containers to deploy'
         default: 'latest'
@@ -37,6 +33,8 @@ on:
         value: ${{ jobs.infra.outputs.API_GW_URL }}
       S3_BUCKET_ARN:
         value: ${{ jobs.infra.outputs.S3_BUCKET_ARN }}
+      S3_BUCKET_NAME:
+        value: ${{ jobs.infra.outputs.S3_BUCKET_NAME }}
       CF_DOMAIN:
         value: ${{ jobs.infra.outputs.CF_DOMAIN }}
       CF_DISTRIBUTION_ID:
@@ -45,21 +43,22 @@ on:
 env:
   TG_VERSION: 0.63.6
   TF_VERSION: 1.12.2
-  TG_SRC_PATH: terraform/${{ inputs.working_directory }}
+  TG_SRC_PATH: terragrunt
   AWS_REGION: ca-central-1
 permissions:
   id-token: write # This is required for requesting the JWT
   contents: write # This is required for actions/checkout
 jobs:
  infra:
   environment: ${{ inputs.environment_name }}
-  name: Terraform ${{inputs.command}} ${{inputs.working_directory}} ${{inputs.app_env}}
+  name: Terragrunt ${{inputs.command}} ${{inputs.app_env}}
   runs-on: ubuntu-24.04
   outputs:
-    API_GW_URL: ${{ steps.tg-outputs.outputs.API_GW_URL }}
-    S3_BUCKET_ARN: ${{ steps.tg-outputs-frontend.outputs.S3_BUCKET_ARN }}
-    CF_DOMAIN: ${{ steps.tg-outputs-frontend.outputs.CF_DOMAIN }}
-    CF_DISTRIBUTION_ID: ${{ steps.tg-outputs-frontend.outputs.CF_DISTRIBUTION_ID }}
+    API_GW_URL: ${{ steps.tg.outputs.API_GW_URL }}
+    S3_BUCKET_ARN: ${{ steps.tg.outputs.S3_BUCKET_ARN }}
+    S3_BUCKET_NAME: ${{ steps.tg.outputs.S3_BUCKET_NAME }}
+    CF_DOMAIN: ${{ steps.tg.outputs.CF_DOMAIN }}
+    CF_DISTRIBUTION_ID: ${{ steps.tg.outputs.CF_DISTRIBUTION_ID }}
   steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -91,7 +90,8 @@ jobs:
       with:
         terragrunt-version: ${{ env.TG_VERSION }}
     - name: Terragrunt ${{inputs.command}}
-      working-directory: terraform/${{ inputs.working_directory }}/${{ inputs.environment_name }}
+      id: tg
+      working-directory: terragrunt/${{ inputs.environment_name }}
       env:
         target_env: ${{ inputs.environment_name }}
         aws_license_plate: ${{ secrets.AWS_LICENSE_PLATE }}
@@ -100,46 +100,17 @@ jobs:
         app_env: ${{inputs.app_env}}
         stack_prefix: ${{ inputs.stack_prefix }}
         repo_name: ${{ github.event.repository.name }}
-        terrgrunt_command: ${{ inputs.command }}
+        terragrunt_command: ${{ inputs.command }}
       run: |
         # Run terraform
         terragrunt run-all ${{inputs.command}} --terragrunt-non-interactive
-    - name: Terragrunt API Outputs
-      if: (inputs.working_directory == 'api'  && inputs.command == 'apply')
-      working-directory: terraform/${{ inputs.working_directory }}/${{ inputs.environment_name }}
-      id: tg-outputs
-      env:
-        target_env: ${{ inputs.environment_name }}
-        aws_license_plate: ${{ secrets.AWS_LICENSE_PLATE }}
-        api_image: ${{ steps.image-tags.outputs.api-image }}
-        flyway_image: ${{ steps.image-tags.outputs.flyway-image }}
-        app_env: ${{inputs.app_env}}
-        stack_prefix: ${{ inputs.stack_prefix }}
-        repo_name: ${{ github.event.repository.name }}
-        terrgrunt_command: ${{ inputs.command }}
-      run: |
         terragrunt output -json > outputs.json
         #print the output
         cat outputs.json
-        echo "API_GW_URL=$(jq -r .apigw_url.value outputs.json)" >> $GITHUB_OUTPUT
-    - name: Terragrunt Frontend Outputs
-      if: (inputs.working_directory == 'frontend' && inputs.command == 'apply')
-      working-directory: terraform/${{ inputs.working_directory }}/${{ inputs.environment_name }}
-      id: tg-outputs-frontend
-      env:
-        target_env: ${{ inputs.environment_name }}
-        aws_license_plate: ${{ secrets.AWS_LICENSE_PLATE }}
-        api_image: ${{ steps.image-tags.outputs.api-image }}
-        flyway_image: ${{ steps.image-tags.outputs.flyway-image }}
-        app_env: ${{inputs.app_env}}
-        stack_prefix: ${{ inputs.stack_prefix }}
-        repo_name: ${{ github.event.repository.name }}
-        terrgrunt_command: ${{ inputs.command }}
-      run: |
-        terragrunt output -json > outputs.json
-        #print the output
-        cat outputs.json
-        
-        echo "S3_BUCKET_ARN=$(jq -r .s3_bucket_arn.value outputs.json)" >> $GITHUB_OUTPUT
+
+        echo "S3_BUCKET_ARN=$(jq -r .frontend_bucket.value.arn outputs.json)" >> $GITHUB_OUTPUT
+        echo "S3_BUCKET_NAME=$(jq -r .frontend_bucket.value.name outputs.json)" >> $GITHUB_OUTPUT
         echo "CF_DOMAIN=$(jq -r .cloudfront.value.domain_name outputs.json)" >> $GITHUB_OUTPUT
-        echo "CF_DISTRIBUTION_ID=$(jq -r .cloudfront.value.distribution_id outputs.json)" >> $GITHUB_OUTPUT
+        echo "CF_DISTRIBUTION_ID=$(jq -r .cloudfront.value.distribution_id outputs.json)" >> $GITHUB_OUTPUT
+        echo "API_GW_URL=$(jq -r .apigw_url.value outputs.json)" >> $GITHUB_OUTPUT
+        

.github/workflows/.destroy_stack.yml

@@ -32,40 +32,15 @@ jobs:
   stack-prefix:
     name: Stack Prefix
     uses: ./.github/workflows/.stack-prefix.yml
-  api:
-    name: Destroy API
+  destroy:
+    name: Destroy
     needs: [stack-prefix]
     uses: ./.github/workflows/.deployer.yml
     with:
       environment_name: ${{ inputs.environment_name }}
       command: ${{ inputs.command }}
-      tag: ${{ inputs.tag }}
       app_env: ${{ inputs.app_env }}
-      working_directory: api
-      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
-    secrets: inherit
-  db:
-    name: Destroy Database
-    needs: [stack-prefix, api]
-    uses: ./.github/workflows/.deployer.yml
-    with:
-      environment_name: ${{ inputs.environment_name }}
-      command: ${{ inputs.command }}
-      working_directory: database
-      app_env: ${{ inputs.app_env }}
-      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
-    secrets: inherit
-
-  cloudfront:
-    name: Destroy Cloudfront
-    needs: [stack-prefix]
-    uses: ./.github/workflows/.deployer.yml
-    with:
-      environment_name: ${{ inputs.environment_name }}
-      command: ${{ inputs.command }}
-      tag: ${{ inputs.tag }}
-      app_env: ${{ inputs.app_env }}
-      working_directory: frontend
       stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
     secrets: inherit
 
+  

.github/workflows/pr-open.yml

@@ -51,25 +51,25 @@ jobs:
     with:
       tag: ${{ github.event.number || 'latest' }} 
 
-  resume-resources-dev:
-    name: Resume Resources Dev
-    if: (github.event_name == 'workflow_dispatch')
-    concurrency:
-      group: rrd-${{ github.event.number || 'latest' }}
-      cancel-in-progress: false
-    needs: [builds]
-    uses: ./.github/workflows/resume-resources.yml
-    with:
-      app_env: dev
-    secrets: inherit
+  # resume-resources-dev:
+  #   name: Resume Resources Dev
+  #   if: (github.event_name == 'workflow_dispatch')
+  #   concurrency:
+  #     group: rrd-${{ github.event.number || 'latest' }}
+  #     cancel-in-progress: false
+  #   needs: [builds]
+  #   uses: ./.github/workflows/resume-resources.yml
+  #   with:
+  #     app_env: dev
+  #   secrets: inherit
 
   deploy-to-dev:
     name: Deploy to Dev
     if: (github.event_name == 'workflow_dispatch')
     concurrency:
       group: deploy-dev-${{ github.event.number || 'latest' }}
       cancel-in-progress: false
-    needs: [resume-resources-dev, plan-stack]
+    #needs: [resume-resources-dev, plan-stack]
     uses: ./.github/workflows/.deploy_stack.yml
     with:
       environment_name: prod # ::change it to:: dev , template repo only has PROD