From 961989197c9298a8c21a0148c41aac006f99718b Mon Sep 17 00:00:00 2001 From: Katalina Okano Date: Fri, 11 Dec 2020 00:16:03 -0500 Subject: [PATCH] add bot deploy --- .github/workflows/deploy.yml | 10 +--- terraform/bot.tf | 92 ++++++++++++++++++++++++++++++++ terraform/variables.tf | 26 ++++++++- terraform/variables/prod.tfvars | 4 +- terraform/variables/stage.tfvars | 4 +- 5 files changed, 124 insertions(+), 12 deletions(-) create mode 100644 terraform/bot.tf diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 499f7a7..d722fdd 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -25,7 +25,6 @@ jobs: runs-on: ubuntu-latest outputs: ui_tag: ${{ steps.tags.outputs.ui_tag }} - bot_tag: ${{ steps.tags.outputs.bot_tag }} steps: - uses: actions/checkout@master @@ -91,13 +90,6 @@ jobs: retag_push $UI_IMAGE_SRC asia-$UI_IMAGE_DEST_BASE echo ::set-output name=ui_tag::@$(get_digest $UI_IMAGE_SRC) - BOT_IMAGE_SRC=ghcr.io/roleypoly/bot${{github.event.inputs.bot_tag}} - BOT_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/bot:${{github.event.inputs.environment}} - - docker pull $BOT_IMAGE_SRC - retag_push $BOT_IMAGE_SRC us-$BOT_IMAGE_DEST_BASE - echo ::set-output name=bot_tag::@$(get_digest $BOT_IMAGE_SRC) - deploy_terraform: runs-on: ubuntu-latest needs: @@ -142,7 +134,7 @@ jobs: working-directory: ./terraform run: | echo \ - '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "api_path_to_worker": "./worker-dist/backend-worker.js"}' \ + '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{github.event.inputs.bot_tag}}", "api_path_to_worker": "./worker-dist/backend-worker.js"}' \ | jq . \ | tee tags.auto.tfvars.json diff --git a/terraform/bot.tf b/terraform/bot.tf new file mode 100644 index 0000000..c0dc5bf --- /dev/null +++ b/terraform/bot.tf 
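Review bot: In the last deploy.yml hunk, `${{github.event.inputs.bot_tag}}` is now expanded into the text of the `run:` script inside a single-quoted string, so a dispatch input containing a quote character stops being data and is parsed as shell in the Terraform deploy job. Pass both tags through `env:` and let `jq --arg` build the JSON, so the values are never part of the script source. The removed sync step also used to resolve the bot image to a digest (`@$(get_digest ...)`), whereas the raw input, or the `:main` default in bot.tf, is now deployed as a mutable tag unless the operator supplies `@sha256:...` by hand. The step starts above this hunk, so only its tail is visible.

```yaml
# … unchanged: step name and working-directory: ./terraform …
env:
  UI_TAG: ${{ needs.docker_sync.outputs.ui_tag }}
  BOT_TAG: ${{ github.event.inputs.bot_tag }}
run: |
  jq -n --arg ui_tag "$UI_TAG" --arg bot_tag "$BOT_TAG" \
    '{ui_tag: $ui_tag, bot_tag: $bot_tag, api_path_to_worker: "./worker-dist/backend-worker.js"}' \
    | tee tags.auto.tfvars.json
```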
@@ -0,0 +1,92 @@
+locals {
+ botTag = var.bot_tag == "" ? ":main" : var.bot_tag
+ botRegion = var.gcp_region
+}
+
+data "google_compute_zones" "gcp_zones" {
+ region = local.botRegion
+ status = "UP"
+}
+
+resource "random_integer" "zone_index" {
+ min = 0
+ max = length(data.google_compute_zones.gcp_zones.names) - 1
+ keepers = {
+ region = local.botRegion
+ envtag = var.environment_tag
+ }
+}
+
+data "google_compute_subnetwork" "default_subnet" {
+ name = "default"
+ region = local.botRegion
+}
+
+module "gce_container" {
+ source = "github.com/terraform-google-modules/terraform-google-container-vm?ref=v2.0.0"
+ restart_policy = "Always"
+}
+
+locals {
+ container = {
+ image = "ghcr.io/roleypoly/bot${local.botTag}"
+ restart_policy = "Always"
+ env = [
+ {
+ name = "BOT_TOKEN",
+ value = var.bot_token
+ },
+ {
+ name = "BOT_CLIENT_ID",
+ value = var.bot_client_id
+ },
+ {
+ name = "UI_PUBLIC_URI",
+ value = var.ui_public_uri
+ }
+ ]
+ }
+
+ // generate container spec due to secret passing issues with terraform
+ specWithSecrets = {
+ spec = {
+ containers = [local.container]
+ }
+ }
+
+ containerMetadataWithSecrets = yamlencode(local.specWithSecrets)
+
+ vmName = "roleypoly-bot-${var.environment_tag}-${substr(md5(local.containerMetadataWithSecrets), 0, 8)}"
+}
+
+resource "google_compute_instance" "bot" {
+ count = var.deploy_bot == true ? 
1 : 0 + + name = local.vmName + machine_type = var.bot_instance_size + zone = data.google_compute_zones.gcp_zones.names[random_integer.zone_index.result] + + boot_disk { + initialize_params { + image = module.gce_container.source_image + } + } + + network_interface { + subnetwork = data.google_compute_subnetwork.default_subnet.self_link + access_config { + network_tier = "STANDARD" + } + } + + metadata = { + gce-container-declaration = local.containerMetadataWithSecrets + image = local.container.image + environment = var.environment_tag + google-logging-enabled = "true" + } + + labels = { + container-vm = module.gce_container.vm_container_label + } +} \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index 8e8ef7d..749b690 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -15,7 +15,7 @@ variable "ui_regions" { variable "ui_tag" { type = string - description = "Specific tag to deploy" + description = ":tag or @sha265: of *-docker.pkg.dev/roleypoly/roleypoly/ui" default = "" } @@ -30,6 +30,12 @@ variable "bot_client_secret" { sensitive = true } +variable "bot_token" { + type = string + description = "Bot Client Secret" + sensitive = true +} + variable "ui_public_uri" { type = string description = "UI Public Base Path" @@ -50,3 +56,21 @@ variable "root_users" { type = list(string) description = "Root users to use for role elevation calculations" } + +variable "deploy_bot" { + type = bool + default = false + description = "Bot is an optional piece of the system. It's only typically deployed in prod." +} + +variable "bot_instance_size" { + type = string + default = "f1-micro" + description = "Google Compute Engine VM size" +} + +variable "bot_tag" { + type = string + default = "" + description = ":tag or @sha265: of ghcr.io/roleypoly/bot" +} \ No newline at end of file diff --git a/terraform/variables/prod.tfvars b/terraform/variables/prod.tfvars index 821be3d..eb61748 100644 --- a/terraform/variables/prod.tfvars 
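Review bot: `var.bot_token` is serialised in plaintext into `local.containerMetadataWithSecrets` and stored as the `gce-container-declaration` metadata value, so it is readable by any principal allowed to view the instance and ends up in Terraform state. The token would be better kept out of the spec and fetched by the container at start from a secret store, using a dedicated least-privilege service account on the instance. If that is out of scope for this commit, record the exposure next to the local, e.g. `// NOTE: bot_token is stored in plaintext in instance metadata and state; restrict who can read instance metadata and rotate on exposure`. Separately, the empty `access_config` block gives the VM an external IP on the `default` subnetwork. No firewall rules are visible here, so it is worth confirming that no inbound access is actually open.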
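Review bot: The new `ui_tag` description spells the digest prefix as `@sha265:`, and the same typo is repeated in the `bot_tag` description added in the last hunk of this file. Operators are likely to copy this format when dispatching a deploy, so it should read `description = ":tag or @sha256:<digest> of *-docker.pkg.dev/roleypoly/roleypoly/ui"`, with the matching fix for `bot_tag`.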
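Review bot: The `bot_token` variable is described as `"Bot Client Secret"`, which looks copied from the `bot_client_secret` variable directly above this hunk (its own description is not visible here). Two distinct secrets with interchangeable descriptions make it easy to put the wrong value in the wrong variable. I would change it to `description = "Bot token, passed to the bot container as BOT_TOKEN"`.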
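Review bot: `bot_tag` accepts any string and is concatenated directly into the image reference in bot.tf (`"ghcr.io/roleypoly/bot${local.botTag}"`), and after this commit the value comes straight from the workflow's dispatch input. A `validation` block limiting it to empty, `:tag` or `@sha256:<64 hex>` would reject a malformed or unintended reference at plan time rather than letting it reach the instance metadata. The description typo `sha265` can be fixed in the same edit.

```hcl
variable "bot_tag" {
  // … unchanged: type, default, description …

  validation {
    condition     = can(regex("^$|^:[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$|^@sha256:[a-f0-9]{64}$", var.bot_tag))
    error_message = "The bot_tag value must be empty, a :tag, or an @sha256:<digest> reference."
  }
}
```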
+++ b/terraform/variables/prod.tfvars @@ -8,4 +8,6 @@ ui_regions = [ "australia-southeast1", "asia-northeast1", "asia-southeast1" -] \ No newline at end of file +] +deploy_bot = true +bot_instance_size = "e2-micro" \ No newline at end of file diff --git a/terraform/variables/stage.tfvars b/terraform/variables/stage.tfvars index 0792be5..3428f16 100644 --- a/terraform/variables/stage.tfvars +++ b/terraform/variables/stage.tfvars @@ -1,4 +1,6 @@ environment_tag = "stage" ui_regions = [ "us-east4" -] \ No newline at end of file +] +deploy_bot = true +bot_instance_size = "f1-micro"