From 5d6937240240c942f8e3410171b8c2b36e568001 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Sat, 11 Nov 2023 16:08:06 -0300 Subject: [PATCH 01/27] feat: add Dockerfile --- Dockerfile | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile new file mode 100644
index 0000000..c08a52e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,33 @@
+# Build layer
+
+# Official .NET SDK image as a base image
+FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
+
+# Build directory
+WORKDIR /build
+
+# Copy the F# API app source code to the container
+COPY projeto-fsharp .
+
+# Run the restore script
+RUN ./restore.sh
+
+# Run the build command to build the app
+RUN dotnet fake run build.fsx -t "Build"
+
+# Run layer
+
+# Official .NET runtime image
+FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS runtime
+
+# Working app directory
+WORKDIR /app
+
+# Copy the built app from the build layer
+COPY --from=build /build/src/Server/out /app
+
+# Expose the port that the app will run on
+EXPOSE 8085
+
+# Command to run the app when the container starts
+CMD ["dotnet", "Server.dll"]
From ee768d92d682697d5b4a2962d3b932de1e1597c9 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Sat, 11 Nov 2023 16:16:21 -0300 Subject: [PATCH 02/27] feat: add github docker workflow --- .github/workflows/publish-ghcr.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/publish-ghcr.yaml
diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml new file mode 100644
index 0000000..0e37bf8
--- /dev/null
+++ b/.github/workflows/publish-ghcr.yaml
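Review bot: The runtime stage never drops root: from `FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS runtime` down to `CMD ["dotnet", "Server.dll"]` there is no `USER`, so the server runs as uid 0 inside the container. Add an account after `WORKDIR /app` with `RUN groupadd --system app && useradd --system --gid app --no-create-home app`, copy the artifacts as `COPY --from=build --chown=app:app /build/src/Server/out /app`, and put `USER app` immediately before `CMD`. This assumes Server.dll really binds 8085 as `EXPOSE 8085` suggests; the aspnet:6.0 image's default `ASPNETCORE_URLS` points at port 80, which an unprivileged user cannot bind, so `ENV ASPNETCORE_URLS=http://+:8085` may be needed if the app does not set its own URL. Both `6.0` tags float across patch releases, so pinning the two `FROM` lines by digest would make the build reproducible, and copying only the project/lock files before `RUN ./restore.sh` would keep the restore layer cached across source-only changes.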
@@ -0,0 +1,30 @@
+name: Docker Build and Publish
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: Build Docker Image
+ runs: |
+ docker build -t docker-image .
+
+ - name: Login to Registry
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: Push to Registry
+ run: |
+ IMAGE_NAME="${{ vars.REGISTRY }}/${{ vars.PROJECT_NAME }}"
+ docker tag docker-image:latest $IMAGE_NAME:latest
+ docker push $IMAGE_NAME:latest
From c82164a3a1b2e264a7fb276b5cceb1359690fe90 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Sat, 11 Nov 2023 16:18:35 -0300 Subject: [PATCH 03/27] fix: typo 'runs' in job --- .github/workflows/publish-ghcr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml
index 0e37bf8..940f305 100644
--- a/.github/workflows/publish-ghcr.yaml
+++ b/.github/workflows/publish-ghcr.yaml
@@ -14,7 +14,7 @@ jobs: uses: actions/checkout@v3 - name: Build Docker Image - runs: | + run: | docker build -t docker-image . - name: Login to Registry
From 7ed67634c58ecee90a4013cef8a6d3ae7af97b48 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Sat, 11 Nov 2023 16:22:51 -0300 Subject: [PATCH 04/27] fix: add 'master' to the trigger on push --- .github/workflows/publish-ghcr.yaml | 1 + 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml
index 940f305..e6d24d7 100644
--- a/.github/workflows/publish-ghcr.yaml
+++ b/.github/workflows/publish-ghcr.yaml
@@ -4,6 +4,7 @@ on: push: branches: - main + - master jobs: build:
From 43d85c765b8044f36599cd2c4a1ede132be13cba Mon Sep 17 00:00:00 2001
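Review bot: The image is pushed only as `$IMAGE_NAME:latest`, so every push to main silently overwrites the one tag and nothing downstream can pin or roll back to a known build. Push an immutable tag alongside it, `docker tag docker-image:latest "$IMAGE_NAME:${{ github.sha }}"` followed by `docker push "$IMAGE_NAME:${{ github.sha }}"`, and quote `$IMAGE_NAME` in the two existing lines as well. The workflow also declares no `permissions:` block, so the job receives the default `GITHUB_TOKEN` scopes although it only needs `contents: read`; if the registry is GHCR, `packages: write` plus `${{ secrets.GITHUB_TOKEN }}` would remove the need for a stored personal token entirely. `actions/checkout@v3` and `docker/login-action@v1` are referenced by mutable major tags; pinning actions that handle registry credentials to a commit SHA is the usual supply-chain hardening.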
From: Ricardo Lima Date: Sat, 11 Nov 2023 16:29:45 -0300 Subject: [PATCH 05/27] fix: update login to registry step --- .github/workflows/publish-ghcr.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml index e6d24d7..fcb1a28 100644 --- a/.github/workflows/publish-ghcr.yaml +++ b/.github/workflows/publish-ghcr.yaml @@ -19,13 +19,13 @@ jobs: docker build -t docker-image . - name: Login to Registry - uses: docker/login-action@v1 - with: - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - + run: | + docker login ${{ vars.REGISTRY }} \ + -u ${{ secrets.REGISTRY_USERNAME }} \ + --password ${{ secrets.REGISTRY_PASSWORD }} + - name: Push to Registry run: | - IMAGE_NAME="${{ vars.REGISTRY }}/${{ vars.PROJECT_NAME }}" + IMAGE_NAME="${{ vars.REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/${{ vars.PROJECT_NAME }}" docker tag docker-image:latest $IMAGE_NAME:latest docker push $IMAGE_NAME:latest From 5ddedb39ec2235f880b1c7e15c0a11b797a0ef2d Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 14:46:41 -0300 Subject: [PATCH 06/27] feat: add workflow for terraform plan --- .github/workflows/tf-plan.yaml | 39 ++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/tf-plan.yaml diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml new file mode 100644 index 0000000..904e5c4 --- /dev/null +++ b/.github/workflows/tf-plan.yaml 
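Review bot: `--password ${{ secrets.REGISTRY_PASSWORD }}` puts the registry token on the `docker login` command line, where it is visible in the runner's process table and where the Docker CLI itself prints a warning that this is insecure; the `docker/login-action` step this replaces did not have that problem. Pass it over stdin and keep the expressions out of the shell script: give the step `env:` entries `REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}` and `REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}`, then run `echo "$REGISTRY_PASSWORD" | docker login "${{ vars.REGISTRY }}" -u "$REGISTRY_USERNAME" --password-stdin`. The same hunk also builds `IMAGE_NAME` from `secrets.REGISTRY_USERNAME`; GitHub masks secret values in logs, so the image name will print as `***` and is harder to verify, and a username is better kept as a `vars` entry than as a secret.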
@@ -0,0 +1,39 @@
+name: Terraform Plan
+
+on:
+ pull_requests:
+ paths:
+ - 'terraform'
+
+jobs:
+ plan-dev:
+ name: 'Terraform plan DEV'
+ runs-on: 'ubuntu-latest'
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: 'Az CLI login'
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.5.0
+
+ - name: Terraform fmt
+ id: fmt
+ run: terraform fmt -check
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Plan
+ id: plamdev
+ run: terraform plan -no-color
From bcdd30adaa137767a3334f8e440a42a1f26652a6 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 14:50:11 -0300 Subject: [PATCH 07/27] feat: run workflow only when changes app or dockerfile --- .github/workflows/publish-ghcr.yaml | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml
index fcb1a28..f3367ac 100644
--- a/.github/workflows/publish-ghcr.yaml
+++ b/.github/workflows/publish-ghcr.yaml
@@ -5,6 +5,9 @@ on: branches: - main - master + paths: + - Dockerfile + - projeto-fsharp jobs: build:
From bbefb8e3edac00f7e91638b9add5fb255d196cee Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 14:50:29 -0300 Subject: [PATCH 08/27] fix: fix typo in workflow trigger --- .github/workflows/tf-plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml
index 904e5c4..9bbbf86 100644
--- a/.github/workflows/tf-plan.yaml
+++ b/.github/workflows/tf-plan.yaml
@@ -1,7 +1,7 @@ name: Terraform Plan on: - pull_requests: + pull_request: paths: - 'terraform' From 7d600834007e9a51343a4f1e224e61ec7ad02ffc Mon Sep 17 00:00:00 2001
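Review bot: The `plan-dev` job logs into Azure and runs `terraform init`/`terraform plan` on every pull request with no `environment:` gate and no `permissions:` block, so any same-repo branch exercises the subscription credentials before anyone has reviewed the Terraform it carries; forks do not receive secrets, which confines this to collaborators, but a read-only identity for plan or a reviewer-protected environment is the usual mitigation, and the same trigger comes back in the last commit of this series. `azure/login@v1` called with only `client-id`, `tenant-id` and `subscription-id` is the OIDC flow, which needs `permissions: id-token: write` (and `contents: read` for the checkout) on the job; this hunk grants neither. `terraform init` and `terraform plan` should also carry `-input=false` so a missing backend value or variable fails fast instead of waiting on a prompt until the job times out.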
From: Ricardo Lima Date: Mon, 13 Nov 2023 14:52:49 -0300 Subject: [PATCH 09/27] fix: paths in docker workflow --- .github/workflows/publish-ghcr.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml index f3367ac..482a22c 100644 --- a/.github/workflows/publish-ghcr.yaml +++ b/.github/workflows/publish-ghcr.yaml @@ -5,9 +5,9 @@ on: branches: - main - master - paths: - - Dockerfile - - projeto-fsharp + paths: + - Dockerfile + - projeto-fsharp jobs: build: From a4fd6a937354e3a7402029cee68967ec726fa11a Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 14:53:05 -0300 Subject: [PATCH 10/27] fix: trigger on push for tf workflow --- .github/workflows/tf-plan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 9bbbf86..1e82466 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -1,7 +1,8 @@ name: Terraform Plan on: - pull_request: + # pull_request: + push: # test paths: - 'terraform' From db7ed8daa6f841bfecc240b636bce943bcefb086 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 14:58:20 -0300 Subject: [PATCH 11/27] fix: fix to paths in docker worflow --- .github/workflows/publish-ghcr.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-ghcr.yaml b/.github/workflows/publish-ghcr.yaml index 482a22c..48083e9 100644 --- a/.github/workflows/publish-ghcr.yaml +++ b/.github/workflows/publish-ghcr.yaml @@ -6,8 +6,8 @@ on: - main - master paths: - - Dockerfile - - projeto-fsharp + - 'Dockerfile' + - 'projeto-fsharp/**' jobs: build: From 722b510daf5b1b481c1fd641e16f74e729d3e3a5 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:00:46 -0300 Subject: [PATCH 12/27] test: trigger docker workflow --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/Dockerfile b/Dockerfile index c08a52e..a6dd9c0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,3 +31,5 @@ EXPOSE 8085 # Command to run the app when the container starts CMD ["dotnet", "Server.dll"] + +# test \ No newline at end of file From e538a471ab8098526257b6f8e08ef6aa6288a644 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:04:28 -0300 Subject: [PATCH 13/27] feat: add vm terraform --- .github/workflows/tf-plan.yaml | 9 +--- terraform/main.tf | 75 ++++++++++++++++++++++++++++++++++ terraform/outputs.tf | 12 ++++++ terraform/providers.tf | 18 ++++++++ terraform/variables.tf | 11 +++++ 5 files changed, 118 insertions(+), 7 deletions(-) create mode 100644 terraform/main.tf create mode 100644 terraform/outputs.tf create mode 100644 terraform/providers.tf create mode 100644 terraform/variables.tf diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 1e82466..fcdb92d 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -1,7 +1,6 @@ name: Terraform Plan on: - # pull_request: push: # test paths: - 'terraform' @@ -27,14 +26,10 @@ jobs: with: terraform_version: 1.5.0 - - name: Terraform fmt - id: fmt - run: terraform fmt -check - - name: Terraform Init id: init run: terraform init - name: Terraform Plan - id: plamdev - run: terraform plan -no-color + id: plandev + run: terraform plan diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 0000000..0b73494 --- /dev/null +++ b/terraform/main.tf 
@@ -0,0 +1,75 @@
+resource "azurerm_resource_group" "vm_rg" {
+ name = "${var.prefix}-${terraform.workspace}-resource-group"
+ location = var.resource_group_location
+}
+
+resource "azurerm_virtual_network" "vm_vnet" {
+ name = "${var.prefix}-${terraform.workspace}-network"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.vm_rg.location
+ resource_group_name = azurerm_resource_group.vm_rg.name
+}
+
+resource "azurerm_subnet" "vm_subnet" {
+ name = "${var.prefix}-${terraform.workspace}-subnet"
+ resource_group_name = azurerm_resource_group.vm_rg.name
+ virtual_network_name = azurerm_virtual_network.vm_vnet.name
+ address_prefixes = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_interface" "vm_nic" {
+ name = "${var.prefix}-${terraform.workspace}-nic"
+ location = azurerm_resource_group.vm_rg.location
+ resource_group_name = azurerm_resource_group.vm_rg.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.vm_subnet.id
+ private_ip_address_allocation = "Dynamic"
+ public_ip_address_id = azurerm_public_ip.vm_publicip.id
+ }
+}
+
+resource "azurerm_linux_virtual_machine" "vm" {
+ name = "${var.prefix}-${terraform.workspace}-machine"
+ resource_group_name = azurerm_resource_group.vm_rg.name
+ location = azurerm_resource_group.vm_rg.location
+ size = "Standard_F2"
+ admin_username = "adminuser"
+ network_interface_ids = [
+ azurerm_network_interface.vm_nic.id,
+ ]
+
+ admin_ssh_key {
+ username = "adminuser"
+ public_key = file("../resources/vm.pub")
+ }
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-lts-gen2"
+ version = "latest"
+ }
+}
+
+resource "random_password" "password" {
+ length = 20
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
+ special = true
+}
+
+resource "azurerm_public_ip" "vm_publicip" {
+ name = "${var.prefix}-${terraform.workspace}-publicip"
+ resource_group_name = azurerm_resource_group.vm_rg.name
+ location = azurerm_resource_group.vm_rg.location
+ allocation_method = "Static"
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf new file mode 100644
index 0000000..c9eb51d
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,12 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.vm_rg.name
+}
+
+output "public_ip_address" {
+ value = azurerm_linux_virtual_machine.vm.public_ip_address
+}
+
+output "admin_password" {
+ sensitive = true
+ value = azurerm_linux_virtual_machine.vm.admin_password
+}
\ No newline at end of file
diff --git a/terraform/providers.tf b/terraform/providers.tf new file mode 100644
index 0000000..cb2b7d8
--- /dev/null
+++ b/terraform/providers.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">=1.5"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~>3.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf new file mode 100644
index 0000000..113374a
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,11 @@
+variable "resource_group_location" {
+ type = string
+ default = "East US"
+ description = "Location of the resource group."
+}
+
+variable "prefix" {
+ type = string
+ default = "datapi"
+ description = "Prefix name for resources."
+}
\ No newline at end of file
From 324e811ff10e16f5624ca3fdf3a0478f98a63a17 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:06:36 -0300 Subject: [PATCH 14/27] fix: add branches to terraform workflow --- .github/workflows/tf-plan.yaml | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml
index fcdb92d..6470f6d 100644
--- a/.github/workflows/tf-plan.yaml
+++ b/.github/workflows/tf-plan.yaml
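Review bot: `random_password.password` is declared but never referenced, and `azurerm_linux_virtual_machine.vm` sets no `admin_password`, so the `admin_password` output added in `outputs.tf` in this same commit resolves to null, and the `descricao.md` added later in the series describes a generated admin password that does not exist; either wire `admin_password = random_password.password.result` together with `disable_password_authentication = false`, or, better for an internet-facing host, delete the `random_password` resource and that output and rely on `admin_ssh_key` alone. The NIC is given a static public address through `public_ip_address_id = azurerm_public_ip.vm_publicip.id`, but no network security group is created or associated with the subnet or NIC, so nothing in this configuration restricts inbound traffic to the VM; the sketch below adds an NSG that admits SSH only from an operator-supplied range and binds it to the NIC. `version = "latest"` in `source_image_reference` also makes the plan non-reproducible, so pin an image version once one has been validated.
```hcl
# … unchanged: resource group, vnet, subnet, NIC, VM, public IP …

resource "azurerm_network_security_group" "vm_nsg" {
  name                = "${var.prefix}-${terraform.workspace}-nsg"
  location            = azurerm_resource_group.vm_rg.location
  resource_group_name = azurerm_resource_group.vm_rg.name

  security_rule {
    name                       = "allow-ssh-from-admin"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.admin_source_cidr # placeholder: declare in variables.tf, no default
    destination_address_prefix = "*"
  }
}

resource "azurerm_network_interface_security_group_association" "vm_nic_nsg" {
  network_interface_id      = azurerm_network_interface.vm_nic.id
  network_security_group_id = azurerm_network_security_group.vm_nsg.id
}
```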
@@ -2,6 +2,9 @@ name: Terraform Plan on: push: # test + branches: + - main + - master paths: - 'terraform' From ac1a9280863fd8995481c31c78b1184516a08425 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:07:49 -0300 Subject: [PATCH 15/27] fix: fix path to trigger workflow on terraform changes --- .github/workflows/tf-plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 6470f6d..75d5499 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -6,7 +6,7 @@ on: - main - master paths: - - 'terraform' + - 'terraform/**' jobs: plan-dev: From 82e9258097e98ac8131850f6f8229a00110e6a7d Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:09:23 -0300 Subject: [PATCH 16/27] fix: remove paths from tf worflow --- .github/workflows/tf-plan.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 75d5499..742817b 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -5,8 +5,6 @@ on: branches: - main - master - paths: - - 'terraform/**' jobs: plan-dev: From 0861dbacc9ca915161f6f5b59937658b32ac3091 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:14:44 -0300 Subject: [PATCH 17/27] fix: add write permission to id-token in tf worflow --- .github/workflows/tf-plan.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 742817b..2378c77 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -8,6 +8,9 @@ on: jobs: plan-dev: + permissions: + id-token: 'write' + name: 'Terraform plan DEV' runs-on: 'ubuntu-latest' From e31795ff22fbf1c11e1b2424ab0ea3e145393838 Mon Sep 17 00:00:00 2001 
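Review bot: A job-level `permissions:` block resets every scope it does not list to `none`, so with only `id-token: 'write'` the `actions/checkout@v3` step later in the job is left without `contents: read` and may fail to fetch the repository; GitHub's OIDC guidance lists both together. Add `contents: 'read'` under the new block. `plan-dev` continues outside this hunk.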
From: Ricardo Lima Date: Mon, 13 Nov 2023 15:22:42 -0300 Subject: [PATCH 18/27] feat: change azure auth to env vars --- .github/workflows/tf-plan.yaml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 2378c77..83fd888 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -8,23 +8,19 @@ on: jobs: plan-dev: - permissions: - id-token: 'write' - name: 'Terraform plan DEV' runs-on: 'ubuntu-latest' + env: + ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + steps: - name: Checkout Repository uses: actions/checkout@v3 - - name: 'Az CLI login' - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Setup Terraform uses: hashicorp/setup-terraform@v1 with: From 446c6a9415f16508a9b6cc71f89ccde72c4df2d7 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:25:08 -0300 Subject: [PATCH 19/27] fix: set the correct folder for tf workflow --- .github/workflows/tf-plan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 83fd888..3f33797 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -33,3 +33,4 @@ jobs: - name: Terraform Plan id: plandev run: terraform plan + working-directory: terraform From 06619ec76655bebedeabd4c9852757d545033876 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:27:17 -0300 Subject: [PATCH 20/27] fix: simplify the tf plan step --- .github/workflows/tf-plan.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
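Review bot: Replacing the `azure/login` step with `ARM_CLIENT_SECRET` moves authentication from a short-lived, GitHub-issued OIDC token to a long-lived client secret stored in the repository, and placing the four `ARM_*` values in the job-level `env:` exposes them to every step, including third-party actions, rather than only to the Terraform step. If the app registration keeps its federated credential, the azurerm provider can use the same OIDC path without the CLI: restore `permissions: id-token: write` (with `contents: read`), keep `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID`, set `ARM_USE_OIDC: true`, and drop `ARM_CLIENT_SECRET`. If only the secret route is available, move the `env:` block onto the Terraform step so the checkout and setup actions never see it.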
diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 3f33797..c88d3cc 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -26,11 +26,9 @@ jobs: with: terraform_version: 1.5.0 - - name: Terraform Init - id: init - run: terraform init - - name: Terraform Plan - id: plandev - run: terraform plan + run: | + cd terraform + terraform init + terraform plan working-directory: terraform From e80c52c0b1982bbb2696280440f3614047a0aadb Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:28:44 -0300 Subject: [PATCH 21/27] fix: remove cd command --- .github/workflows/tf-plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index c88d3cc..6f07b7e 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -28,7 +28,7 @@ jobs: - name: Terraform Plan run: | - cd terraform + pwd terraform init terraform plan working-directory: terraform From ab402463a61843ec2a6b6582092e9cc753f82ad6 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 15:29:54 -0300 Subject: [PATCH 22/27] feat: add missing vm pub key --- resources/vm.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 resources/vm.pub diff --git a/resources/vm.pub b/resources/vm.pub new file mode 100644 index 0000000..d19db5e --- /dev/null +++ b/resources/vm.pub @@ -0,0 +1 @@ +ssh-rsa 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 ricardo@SIVIR.local From 4bda07380613a71ebdb4e998196d1d77b88a3481 Mon Sep 17 00:00:00 2001 
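Review bot: `pwd` in the Terraform Plan step's script is leftover debugging output now that `working-directory: terraform` places the step; drop it. While the script is being edited, `terraform init -input=false` and `terraform plan -input=false` keep a missing variable or backend value from blocking the runner on a prompt until the job times out, and the `id:` removed two commits earlier will be needed again if the plan output is ever posted back to the pull request.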
From: Ricardo Lima Date: Mon, 13 Nov 2023 16:22:04 -0300 Subject: [PATCH 23/27] feat: add kubernetes yaml files --- kubernetes/deployment.yaml | 21 +++++++++++++++++++++ kubernetes/kustomization.yaml | 14 ++++++++++++++ kubernetes/namespace.yaml | 4 ++++ kubernetes/secret.yaml | 8 ++++++++ 4 files changed, 47 insertions(+) create mode 100644 kubernetes/deployment.yaml create mode 100644 kubernetes/kustomization.yaml create mode 100644 kubernetes/namespace.yaml create mode 100644 kubernetes/secret.yaml
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml new file mode 100644
index 0000000..d941616
--- /dev/null
+++ b/kubernetes/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: datapi-deploy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: datapi
+ template:
+ metadata:
+ labels:
+ app: datapi
+ spec:
+ containers:
+ - name: datapi-container
+ image: ghcr.io/rhrlima/datapi:latest
+ ports:
+ - containerPort: 8085
+ imagePullSecrets:
+ - name: registry-secret
diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml new file mode 100644
index 0000000..91e84db
--- /dev/null
+++ b/kubernetes/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: datapi
+
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - secret.yaml
+
+commonLabels:
+ app: datapi
+ env: dev
+ version: v1.0
diff --git a/kubernetes/namespace.yaml b/kubernetes/namespace.yaml new file mode 100644
index 0000000..a897ff2
--- /dev/null
+++ b/kubernetes/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: datapi
diff --git a/kubernetes/secret.yaml b/kubernetes/secret.yaml new file mode 100644
index 0000000..60e8915
--- /dev/null
+++ b/kubernetes/secret.yaml
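Review bot: The `datapi-container` entry in `deployment.yaml` sets no `securityContext` and pulls `ghcr.io/rhrlima/datapi:latest`, so the pod runs with whatever user the image defaults to (root, given the Dockerfile earlier in this series) and every restart picks up whichever build last overwrote the tag. Add under the container `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, which the kubelet will enforce at admission once the image declares a non-root `USER`, and reference the image by digest or by the commit-SHA tag the publish workflow could push instead of `:latest`. `resources:` requests/limits and a `readinessProbe` on port 8085 are also missing, so the scheduler and Service have nothing to go on.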
@@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: registry-secret + namespace: datapi +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: ewogICAgImF1dGhzIjoKICAgIHsKICAgICAgICAiZ2hjci5pbyI6CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICJhdXRoIjoiY21oeWJHbHRZVHBuYUhCZldIRXlZa0k1WWtWelRqbEJSMlZvVlV4bE1HWm9PWEl6T1ZScVEzWTJNRVZOYzNBeUNnPT0iCiAgICAgICAgICAgIH0KICAgIH0KfQ== From b1a3ac88f2c0fc0db7a7ff6c765aca5b955fbb36 Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 16:22:24 -0300 Subject: [PATCH 24/27] feat: add azure backend to tfstate --- terraform/providers.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform/providers.tf b/terraform/providers.tf index cb2b7d8..bc7767a 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -11,6 +11,12 @@ terraform { version = "~>3.0" } } + backend "azurerm" { + resource_group_name = "tfstate" + storage_account_name = "tfstate24650" + container_name = "tfstate" + key = "datapi/terraform.tfstate" + } } provider "azurerm" { From 36b8b44a414e5ee00311234366535809dc8e44bf Mon Sep 17 00:00:00 2001 From: Ricardo Lima Date: Mon, 13 Nov 2023 16:23:25 -0300 Subject: [PATCH 25/27] fix: remove sensible info from secret --- kubernetes/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/secret.yaml b/kubernetes/secret.yaml index 60e8915..9b6c043 100644 --- a/kubernetes/secret.yaml +++ b/kubernetes/secret.yaml @@ -5,4 +5,4 @@ metadata: namespace: datapi type: kubernetes.io/dockerconfigjson data: - .dockerconfigjson: ewogICAgImF1dGhzIjoKICAgIHsKICAgICAgICAiZ2hjci5pbyI6CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICJhdXRoIjoiY21oeWJHbHRZVHBuYUhCZldIRXlZa0k1WWtWelRqbEJSMlZvVlV4bE1HWm9PWEl6T1ZScVEzWTJNRVZOYzNBeUNnPT0iCiAgICAgICAgICAgIH0KICAgIH0KfQ== + .dockerconfigjson: From ecc42d8c156c032879ae003453b124c09fdaad4d Mon Sep 17 00:00:00 2001 
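Review bot: `.dockerconfigjson:` in `secret.yaml` carries a base64-encoded registry credential in a committed manifest, and git history retains it even though patch 25 later blanks the value, so whatever token it encodes should be treated as exposed and revoked; the blanked file is also unusable as committed, since an empty `.dockerconfigjson` will not authenticate the pull that `imagePullSecrets: registry-secret` in the deployment relies on. Create the Secret out of band with `kubectl create secret docker-registry registry-secret --docker-server=ghcr.io ...` in the `datapi` namespace, or adopt one of the sealed/external-secret approaches that the series' own `descricao.md` recommends, and keep no `data:` block in the repository. `namespace: datapi` in `metadata` is also redundant with the `namespace:` set in `kustomization.yaml`.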
From: Ricardo Lima Date: Mon, 13 Nov 2023 16:24:21 -0300 Subject: [PATCH 26/27] feat: add challenge explanation doc --- descricao.md | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 descricao.md diff --git a/descricao.md b/descricao.md new file mode 100644 index 0000000..34299cc --- /dev/null +++ b/descricao.md 
@@ -0,0 +1,71 @@ +# Máquina Virtual + +Na pasta `terraform` estão os arquivos para criação da máquina virtual. + +- Os recursos foram nomeados usando um prefixo `datapi`. O nome do workspace também faz parte do nome, o que facilita o uso destes mesmos recursos para diferentes ambientes. +- Um ip público foi adicionado ao recurso de `network interface` para tornar a máquina acessivel externamente. +- Uma chave ssh pública foi adicionada `vm.pub` para permitir o acesso via ssh. +- A VM foi criada com linux, rodando `Ubuntu 22.04`. +- A senha de admin foi gerada de forma aleatória, e é somente exibida durante a aplicação do plano como `output`. +- O arquivo `providers` está configurado para salvar o `tfstate` em uma `storage` na Azure. O importante aqui é criar uma `key` unica para cada projeto, para evitar conflitos entre arquivos terraform. + +# Docker + +A construção do `Dockerfile` está dividido em duas etapas: `build` e `runtime`. + +## Build + +- Usa a imagem .NET SDK `6.0.x` +- Copia os arquivos do repositório +- Restaura as dependencias +- Chama o `fake build` + +## Runtime + +- Usa a imagem .NET Runtime `6.0.x` +- Copia os arquivos gerados pelo build +- Exporta a porta usada pelo app `8085` +- Define o `entrypoint` chamando a aplicação + +A divisão dessas etapas ajuda a diminuir o tamanho da imagem final, e também mantém apenas os arquivos necessários para executar a aplicação. + +# CI/CD + +Foram criados dois workflows: + +## publish-ghcr + +Realiza o build da imagem Docker da aplicação e faz o envio para o registry do Github. 
+ +Requer algumas variaveis e segredos: +- var `REGISTRY`: a URL do registry desejado (`ghcr.io`) +- var `PROJECT_NAME`: com o nome do projeto, que vai ser usado como nome da imagem +- secret `REGISTRY_USERNAME`: o `username` do dono do repositório +- secret `REGISTRY_PASSWORD`: o token pessoal com acesso ao registry do github + +A execução desse workflow foi restrito para apenas ocorrer quando houver mudanças nos arquivos da aplicação (pasta `projeto-fsharp`), ou no arquivo `Dockerfile`. + +## tf-plan + +Executa o `plan` do Terraform para garantir que as mudanças estão corretas. + +Requer alguns segredos para autenticar com a Azure: +- secret `ARM_CLIENT_ID`: O ID da aplicação +- secret `ARM_CLIENT_SECRET`: O segredo criado para a aplicação +- secret `ARM_SUBSCRIPTION_ID`: O ID da `subscription` da conta +- secret `ARM_TENANT_ID`: O ID do `tenant` da aplicação + +A execução desse workflow foi restrito para ser executado apenas em `pull requests` se arquivos da pasta `terraform` foram modificados. + +# Kubernetes + +Os arquivos YAML para deploy da aplicação em um cluster Kubernetes. + +Todo o deploy foi criado usando um arquivo de `kustomization`, que lista os demais arquivos: +- `namespace.yaml`: cria um namespace para aplicação +- `deployment.yaml`: configura o deployment do app +- `secret.yaml`: cria um segredo com a autenticação com o GHCR.io + +O arquivo de `kustomization` também inclui labels comuns para todos os serviços (app, env, version), que faciliam o controle para diferentes apps e ambientes. + +Utilizar secrets como feito nesse exemplo não é recomendado pois pode expor dados sensíveis, como o token de auth para o GHCR. Nesses casos é melhor usar ferramentas como `Sealed Secrets` ou `External Secret`, que são aplicações que rodam no cluster Kubernetes, e são usados para encriptar segredos, tornando mais seguro comitar esses arquivos em repositórios git. From 26cd81905ea50b700b59cdf1dc9ef2671baef175 Mon Sep 17 00:00:00 2001 
From: Ricardo Lima Date: Mon, 13 Nov 2023 16:27:25 -0300 Subject: [PATCH 27/27] fix: update workflow trigger to pull request --- .github/workflows/tf-plan.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 6f07b7e..d21b0eb 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -1,10 +1,9 @@ name: Terraform Plan on: - push: # test - branches: - - main - - master + pull_request: + paths: + - terraform/** jobs: plan-dev: