From aca25165d896a7b89c5d85177268029e8193db77 Mon Sep 17 00:00:00 2001
From: Sven Sauleau
Date: Wed, 4 Jan 2023 11:55:24 +0000
Subject: [PATCH] MOW-85: add deploy
---
.github/workflows/deploy.yml | 67 +++++++++++++++++++++++++++++
tf/main.tf | 83 ++++++++++++++++++++++++++++++++++++
2 files changed, 150 insertions(+)
create mode 100644 .github/workflows/deploy.yml
create mode 100644 tf/main.tf
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..9430700
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,67 @@
+name: Deploy
+on:
+ push:
+ pull_request:
+ repository_dispatch:
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v2
+ - uses: hashicorp/setup-terraform@v2
+
+ - name: Setup node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: 18
+
+ - name: Create D1 database
+ uses: cloudflare/wrangler-action@2.0.0
+ with:
+ command: d1 create wildebeest-${{ github.actor }}
+ apiToken: ${{ secrets.CF_API_TOKEN }}
+ continue-on-error: true
+ env:
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+
+ - name: retrieve D1 database
+ uses: cloudflare/wrangler-action@2.0.0
+ with:
+ command: d1 list | grep wildebeest-${{ github.actor }} | awk '{print "d1_id="$2}' >> $GITHUB_ENV
+ apiToken: ${{ secrets.CF_API_TOKEN }}
+ env:
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+
+ - name: migrate D1 database
+ uses: cloudflare/wrangler-action@2.0.0
+ with:
+ command: d1 migrations apply wildebeest-${{ github.actor }}
+ apiToken: ${{ secrets.CF_API_TOKEN }}
+ env:
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+
+ - name: Init
+ run: terraform init
+ working-directory: ./tf
+
+ - name: Configure
+ run: terraform plan && terraform apply -auto-approve
+ working-directory: ./tf
+ env:
+ TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }}
+ TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+ TF_VAR_gh_username: ${{ github.actor }}
+ TF_VAR_d1_id: ${{ env.d1_id }}
+
+ - name: Publish
+ uses: cloudflare/wrangler-action@2.0.0
+ with:
+ apiToken: ${{ secrets.CF_API_TOKEN }}
+ preCommands: |
+ echo "*** pre commands ***"
+ yarn
+ echo "******"
+ command: pages publish --project-name=wildebeest-${{ github.actor }} .
+ env:
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
diff --git a/tf/main.tf b/tf/main.tf
new file mode 100644
index 0000000..753d024
--- /dev/null
+++ b/tf/main.tf
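Review bot: The `on:` block in .github/workflows/deploy.yml has no branch filter, so every push to any branch and every same-repository pull request runs `terraform apply -auto-approve` and `pages publish` with `CF_API_TOKEN`; restricting it to `push: { branches: [main] }` and dropping `pull_request:` (or giving pull requests a plan-only job without the publish steps) keeps unreviewed branches from deploying. The workflow sets no `permissions:`, so a top-level `permissions: { contents: read }` would stop the job inheriting the repository default for `GITHUB_TOKEN`. The third-party actions in this job are referenced by mutable tag (`cloudflare/wrangler-action@2.0.0`, `hashicorp/setup-terraform@v2`); pinning each `uses:` to a full commit SHA prevents a retagged release from running alongside the Cloudflare token. Resource names are built from `github.actor`, which is whoever triggered the run rather than the repository owner, so a second contributor's push would presumably create a separate `wildebeest-<name>` database and Pages project; `github.repository_owner` looks like the intended value. `continue-on-error: true` on the create step also hides authentication failures, and the unanchored `grep` in the retrieve step can match zero or several database names, leaving `d1_id` empty or ambiguous when it reaches Terraform.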
@@ -0,0 +1,83 @@
+variable "cloudflare_account_id" {
+ type = string
+}
+
+variable "cloudflare_api_token" {
+ type = string
+}
+
+variable "gh_username" {
+ type = string
+}
+
+variable "d1_id" {
+ type = string
+}
+
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "3.31.0"
+ }
+
+ random = {
+ source = "hashicorp/random"
+ version = "3.4.3"
+ }
+ }
+}
+
+provider "cloudflare" {
+ api_token = var.cloudflare_api_token
+}
+
+resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
+ account_id = var.cloudflare_account_id
+ title = "wildebeest-cache"
+}
+
+resource "random_string" "user_key" {
+ length = 256
+ special = false
+}
+
+resource "cloudflare_pages_project" "wildebeest_pages_project" {
+ account_id = var.cloudflare_account_id
+ name = "wildebeest-${var.gh_username}"
+ production_branch = "main"
+ build_config {
+ build_command = "yarn build"
+ destination_dir = "frontend/dist"
+ }
+ deployment_configs {
+ production {
+ environment_variables = {
+ /* API key with Cloudflare Images perms */
+ CF_ACCOUNT_ID = ""
+ CF_API_TOKEN = ""
+
+ USER_KEY = random_string.user_key.result
+ }
+ kv_namespaces = {
+ KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
+ }
+ d1_databases = {
+ D1_BINDING = var.d1_id
+ }
+ }
+ }
+}
+
+resource "cloudflare_access_application" "wildebeest_access" {
+ account_id = var.cloudflare_account_id
+ name = "wildebeest-${var.gh_username}"
+ domain = "${cloudflare_pages_project.wildebeest_pages_project.subdomain}/oauth/authorize"
+ type = "self_hosted"
+ session_duration = "168h"
+ auto_redirect_to_identity = false
+}
+
+output "access_aud" {
+ value = cloudflare_access_application.wildebeest_access.aud
+}
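Review bot: `USER_KEY` in tf/main.tf is generated with `random_string`, whose `result` is not marked sensitive, so Terraform will not redact it if it appears in plan or apply output in the Actions log; `resource "random_password" "user_key"` accepts the same `length` and `special` arguments and redacts its `result`. `variable "cloudflare_api_token"` should likewise declare `sensitive = true`. The `terraform {}` block configures no backend and the workflow in this commit does not persist state, so each run presumably starts from empty state: the key would be regenerated and the KV namespace, Pages project and Access application would be created again rather than updated. No `cloudflare_access_policy` is defined for `wildebeest_access` in this file, so it is worth confirming where the policy that decides who can reach `/oauth/authorize` comes from.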