MOW-85: add deploy

2023-01-04 11:55:24 +00:00 · 2023-01-04 11:55:24 +00:00 · aca25165d8
commit aca25165d8
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -0,0 +1,67 @@
+name: Deploy
+on:
+  push:
+  pull_request:
+  repository_dispatch:
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hashicorp/setup-terraform@v2
+
+      - name: Setup node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: Create D1 database
+        uses: cloudflare/wrangler-action@2.0.0
+        with:
+          command: d1 create wildebeest-${{ github.actor }}
+          apiToken: ${{ secrets.CF_API_TOKEN }}
+        continue-on-error: true
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+
+      - name: retrieve D1 database
+        uses: cloudflare/wrangler-action@2.0.0
+        with:
+          command: d1 list | grep wildebeest-${{ github.actor }} | awk '{print "d1_id="$2}' >> $GITHUB_ENV
+          apiToken: ${{ secrets.CF_API_TOKEN }}
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+
+      - name: migrate D1 database
+        uses: cloudflare/wrangler-action@2.0.0
+        with:
+          command: d1 migrations apply wildebeest-${{ github.actor }}
+          apiToken: ${{ secrets.CF_API_TOKEN }}
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+
+      - name: Init
+        run: terraform init
+        working-directory: ./tf
+
+      - name: Configure
+        run: terraform plan && terraform apply -auto-approve
+        working-directory: ./tf
+        env:
+          TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }}
+          TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+          TF_VAR_gh_username: ${{ github.actor }}
+          TF_VAR_d1_id: ${{ env.d1_id }}
+
+      - name: Publish
+        uses: cloudflare/wrangler-action@2.0.0
+        with:
+          apiToken: ${{ secrets.CF_API_TOKEN }}
+          preCommands: |
+            echo "*** pre commands ***"
+            yarn
+            echo "******"
+          command: pages publish --project-name=wildebeest-${{ github.actor }} .
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
--- a/tf/main.tf
+++ b/tf/main.tf
@ -0,0 +1,83 @@
+variable "cloudflare_account_id" {
+  type = string
+}
+
+variable "cloudflare_api_token" {
+  type = string
+}
+
+variable "gh_username" {
+  type = string
+}
+
+variable "d1_id" {
+  type = string
+}
+
+terraform {
+  required_providers {
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+      version = "3.31.0"
+    }
+
+    random = {
+      source = "hashicorp/random"
+      version = "3.4.3"
+    }
+  }
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
+resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
+  account_id = var.cloudflare_account_id
+  title = "wildebeest-cache"
+}
+
+resource "random_string" "user_key" {
+  length           = 256
+  special          = false
+}
+
+resource "cloudflare_pages_project" "wildebeest_pages_project" {
+  account_id = var.cloudflare_account_id
+  name              = "wildebeest-${var.gh_username}"
+  production_branch = "main"
+  build_config {
+      build_command       = "yarn build"
+      destination_dir     = "frontend/dist"
+  }
+  deployment_configs {
+    production {
+      environment_variables = {
+        /* API key with Cloudflare Images perms */
+        CF_ACCOUNT_ID = ""
+        CF_API_TOKEN  = ""
+
+        USER_KEY = random_string.user_key.result
+      }
+      kv_namespaces = {
+        KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
+      }
+      d1_databases = {
+        D1_BINDING = var.d1_id
+      }
+    }
+  }
+}
+
+resource "cloudflare_access_application" "wildebeest_access" {
+  account_id                = var.cloudflare_account_id
+  name                      = "wildebeest-${var.gh_username}"
+  domain                    = "${cloudflare_pages_project.wildebeest_pages_project.subdomain}/oauth/authorize"
+  type                      = "self_hosted"
+  session_duration          = "168h"
+  auto_redirect_to_identity = false
+}
+
+output "access_aud" {
+  value = cloudflare_access_application.wildebeest_access.aud
+}