initial terraform usage commit

transcom · Aug 29, 2024 · b6b5a09 · b6b5a09
1 parent 45f0ba0
commit b6b5a09
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 4 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -2,7 +2,7 @@ version: 2.1
 
 references:
   circleci-docker: &circleci-docker milmove/circleci-docker:milmove-app-ab729849a08a773ea2557b19b67f378551d1ad3d
-  # tf132-docker: &tf132-docker milmove/circleci-docker:milmove-infra-tf132-ab729849a08a773ea2557b19b67f378551d1ad3d
+  tf132-docker: &tf132-docker milmove/circleci-docker:milmove-infra-tf132-ab729849a08a773ea2557b19b67f378551d1ad3d
 
 executors:
   # Additional docker images are utilized without executors further below
@@ -35,6 +35,13 @@ executors:
         auth:
           password: $DOCKER_PASSWORD
           username: $DOCKER_USERNAME
+  terraform_executor:
+    working_directory: ~/transcom/trdm-lambda
+    docker:
+      - image: *tf132-docker
+        auth:
+          password: $DOCKER_PASSWORD
+          username: $DOCKER_USERNAME
 jobs:
   test:
     executor: mymove_compiler
@@ -210,6 +217,43 @@ jobs:
             source version.env
             echo "Releasing version v$VERSION to GitHub"
             scripts/release $CIRCLE_PROJECT_USERNAME $CIRCLE_PROJECT_REPONAME "v$VERSION"
+  plan:
+    executor: terraform_executor
+    steps:
+      - attach_workspace:
+          at: ~/transcom/trdm-lambda/workspace
+      - run:
+          name: Fetch infrasec repo and set vars
+          command: |
+            # tmp pull the non-ato env
+            git clone https://github.com/transcom/transcom-infrasec-gov-nonato.git
+            # tmp set directory to exp
+            TERRAFORM_DIRECTORY=transcom-infrasec-gov-nonato/transcom-gov-milmove-exp/app-experimental/
+            # set to file for the apply job
+            echo "TERRAFORM_DIRECTORY=$TERRAFORM_DIRECTORY" > ~/transcom/trdm-lambda/workspace/terraform_directory.env
+      - run:
+          name: Terraform plan
+          command: |
+            # Execute the terraform init and plan script
+            ~/transcom/trdm-lambda/workspace/scripts/plan $TERRAFORM_DIRECTORY
+      - persist_to_workspace:
+          root: ~/transcom/trdm-lambda/workspace
+          paths:
+            - transcom-infrasec-gov-nonato/
+  apply:
+    executor: terraform_executor
+    working_directory: ~/transcom/trdm-lambda/workspace
+    steps:
+      - attach_workspace:
+          at: ~/transcom/trdm-lambda/workspace
+      - run:
+          name: Load necessary env vars
+          command: source terraform_directory.env
+      - run:
+          name: Apply terraform plan
+          command: |
+            # Execute the terraform apply script
+            ~/transcom/trdm-lambda/workspace/scripts/apply $TERRAFORM_DIRECTORY
 
   # Deploy to AWS
   deploy:
@@ -263,7 +307,25 @@ workflows:
           #     only: /^v.*/
       - deploy:
           requires:
-            - release # Only run deploy job once the build job has completed
+            - release
+      - plan:
+          requires:
+            - deploy
+      - approve:
+          type: approval
+          context:
+            - Workflow Approvers
+          requires:
+            - build
+      - auth_check:
+          requires:
+            - approve
+          filters:
+            branches:
+              only: main
+      - apply:
+          requires:
+            - auth_check
           # filters:
           #   branches:
           #   - main # Only deploy when the commit is on the Main branch
diff --git a/scripts/apply b/scripts/apply
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e -o pipefail -x
+
+usage() {
+    echo "Usage: $0 <DIRECTORY>"
+    exit 1
+}
+[[ -z $1 ]] && usage
+
+readonly DIRECTORY="$1"
+
+# Apply terraform plan for the given directory
+terraform -chdir=$DIRECTORY apply -auto-approve
diff --git a/scripts/deploy-lambda b/scripts/deploy-lambda
@@ -37,5 +37,3 @@ echo "Uploaded ${ENVIRONMENT} deployment package to S3: s3://${S3_BUCKET}/${S3_K
 # This allows us to automate terraform while maintaining version management for each environment
 aws ssm put-parameter --name "/trdm-lambda/version" --value "${VERSION}" --type String --overwrite
 echo "Updated ${ENVIRONMENT} SSM parameter store with version: ${VERSION}"
-
-# TODO: Apply terraform
diff --git a/scripts/plan b/scripts/plan
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e -o pipefail -x
+
+usage() {
+    echo "Usage: $0 <DIRECTORY>"
+    exit 1
+}
+[[ -z $1 ]] && usage
+
+readonly DIRECTORY="$1"
+
+# Init and plan terraform
+# Currently input parameters are not utilized
+terraform -chdir=$DIRECTORY init
+terraform -chdir=$DIRECTORY plan