generated from bazel-contrib/rules-template
-
-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: add Aspect Workflows CI (on AWS + GitLab)
- Loading branch information
1 parent
84b1f81
commit 2f39676
Showing
13 changed files
with
496 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Aspect Workflows demonstration deployment | ||
|
||
This deployment of [Aspect Workflows](https://www.aspect.build/workflows) is configured to run on AWS + GitLab. | ||
|
||
The three components of the configuration are, | ||
|
||
1. Aspect Workflows terraform module | ||
1. Aspect Workflows configuration yaml | ||
1. GitLab CI configuration yaml | ||
|
||
## Aspect Workflows terraform module | ||
|
||
This is found under the [`.aspect/workflows/terraform`](./terraform/README.md) directory. | ||
|
||
## Aspect Workflows configuration yaml | ||
|
||
This is the `config.yaml` file in this directory. | ||
|
||
## GitLab CI configuration | ||
|
||
This is the `.gitlab-ci.yml` file at the root of the repository. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# See https://docs.aspect.build/v/workflows/config | ||
--- | ||
tasks: | ||
buildifier: | ||
test: |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Aspect Workflows demonstration deployment terraform | ||
|
||
The terraform configuration found here is for a clean AWS sub-account with only Aspect Workflows deployed. | ||
|
||
- `main.tf` : terraform backend configuration | ||
- `vpc.tf` : VPC configuration | ||
- `workflows.tf` : Aspect Workflows module & AMI configuration |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
terraform { | ||
required_version = "~> 1.4.0" | ||
|
||
backend "s3" { | ||
bucket = "aw-deployment-terraform-state-rules-jest" | ||
key = "global/s3/terraform.tfstate" | ||
region = "us-west-2" | ||
} | ||
|
||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws", | ||
version = "~> 4.58.0" | ||
} | ||
} | ||
} | ||
|
||
provider "aws" { | ||
region = "us-west-2" | ||
} | ||
|
||
resource "aws_s3_bucket" "terraform_state" { | ||
bucket = "aw-deployment-terraform-state-rules-jest" | ||
|
||
lifecycle { | ||
prevent_destroy = true | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_versioning" "terraform_state_versioning" { | ||
bucket = aws_s3_bucket.terraform_state.id | ||
versioning_configuration { | ||
status = "Enabled" | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state_encryption" { | ||
bucket = aws_s3_bucket.terraform_state.id | ||
|
||
rule { | ||
apply_server_side_encryption_by_default { | ||
sse_algorithm = "AES256" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_public_access_block" "terraform_state_pab" { | ||
bucket = aws_s3_bucket.terraform_state.id | ||
|
||
block_public_acls = true | ||
block_public_policy = true | ||
ignore_public_acls = true | ||
restrict_public_buckets = true | ||
} | ||
|
||
data "aws_region" "default" {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
locals { | ||
cidr = "10.0.0.0/16" | ||
azs = ["us-west-2a", "us-west-2b", "us-west-2c"] | ||
|
||
num_azs = length(local.azs) | ||
num_bits_needed_for_azs = ceil(log(local.num_azs, 2)) | ||
|
||
private_cidr = cidrsubnet(local.cidr, 1, 0) | ||
private_subnets = [ | ||
for i in range(local.num_azs) : cidrsubnet(local.private_cidr, local.num_bits_needed_for_azs, i) | ||
] | ||
|
||
public_cidr = cidrsubnet(local.cidr, 1, 1) | ||
public_subnets = [ | ||
for i in range(local.num_azs) : cidrsubnet(local.public_cidr, local.num_bits_needed_for_azs, i) | ||
] | ||
} | ||
|
||
module "vpc" { | ||
source = "terraform-aws-modules/vpc/aws" | ||
version = "4.0.2" | ||
|
||
name = "aw_dev_vpc" | ||
cidr = local.cidr | ||
|
||
azs = local.azs | ||
private_subnets = local.private_subnets | ||
public_subnets = local.public_subnets | ||
|
||
enable_nat_gateway = true | ||
single_nat_gateway = true | ||
enable_vpn_gateway = false | ||
map_public_ip_on_launch = true | ||
} | ||
|
||
module "vpc_endpoints" { | ||
source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" | ||
version = "4.0.2" | ||
|
||
vpc_id = module.vpc.vpc_id | ||
endpoints = { | ||
s3 = { | ||
service = "s3" | ||
service_type = "Gateway" | ||
tags = { Name = "s3-vpc-endpoint" } | ||
route_table_ids = module.vpc.private_route_table_ids | ||
}, | ||
} | ||
} |
Oops, something went wrong.