chore: add Aspect Workflows CI (on AWS + GitLab)

.aspect/workflows/README.md

@@ -0,0 +1,21 @@
+# Aspect Workflows demonstration deployment
+
+This deployment of [Aspect Workflows](https://www.aspect.build/workflows) is configured to run on AWS + GitLab.
+
+The three components of the configuration are,
+
+1. Aspect Workflows terraform module
+1. Aspect Workflows configuration yaml
+1. GitLab CI configuration yaml
+
+## Aspect Workflows terraform module
+
+This is found under the [`.aspect/workflows/terraform`](./terraform/README.md) directory.
+
+## Aspect Workflows configuration yaml
+
+This is the `config.yaml` file in this directory.
+
+## GitLab CI configuration
+
+This is the `.gitlab-ci.yml` file at the root of the repository.

.aspect/workflows/config.yaml

@@ -0,0 +1,5 @@
+# See https://docs.aspect.build/v/workflows/config
+---
+tasks:
+ buildifier:
+ test:

.aspect/workflows/terraform/README.md

@@ -0,0 +1,7 @@
+# Aspect Workflows demonstration deployment terraform
+
+The terraform configuration found here is for a clean AWS sub-account with only Aspect Workflows deployed.
+
+- `main.tf` : terraform backend configuration
+- `vpc.tf` : VPC configuration
+- `workflows.tf` : Aspect Workflows module & AMI configuration

.aspect/workflows/terraform/main.tf

@@ -0,0 +1,56 @@
+terraform {
+ required_version = "~> 1.4.0"
+
+ backend "s3" {
+ bucket = "aw-deployment-terraform-state-rules-jest"
+ key = "global/s3/terraform.tfstate"
+ region = "us-west-2"
+ }
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws",
+ version = "~> 4.58.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-west-2"
+}
+
+resource "aws_s3_bucket" "terraform_state" {
+ bucket = "aw-deployment-terraform-state-rules-jest"
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+resource "aws_s3_bucket_versioning" "terraform_state_versioning" {
+ bucket = aws_s3_bucket.terraform_state.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state_encryption" {
+ bucket = aws_s3_bucket.terraform_state.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+resource "aws_s3_bucket_public_access_block" "terraform_state_pab" {
+ bucket = aws_s3_bucket.terraform_state.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+data "aws_region" "default" {}

.aspect/workflows/terraform/vpc.tf

@@ -0,0 +1,49 @@
+locals {
+ cidr = "10.0.0.0/16"
+ azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
+
+ num_azs = length(local.azs)
+ num_bits_needed_for_azs = ceil(log(local.num_azs, 2))
+
+ private_cidr = cidrsubnet(local.cidr, 1, 0)
+ private_subnets = [
+ for i in range(local.num_azs) : cidrsubnet(local.private_cidr, local.num_bits_needed_for_azs, i)
+ ]
+
+ public_cidr = cidrsubnet(local.cidr, 1, 1)
+ public_subnets = [
+ for i in range(local.num_azs) : cidrsubnet(local.public_cidr, local.num_bits_needed_for_azs, i)
+ ]
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "4.0.2"
+
+ name = "aw_dev_vpc"
+ cidr = local.cidr
+
+ azs = local.azs
+ private_subnets = local.private_subnets
+ public_subnets = local.public_subnets
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_vpn_gateway = false
+ map_public_ip_on_launch = true
+}
+
+module "vpc_endpoints" {
+ source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+ version = "4.0.2"
+
+ vpc_id = module.vpc.vpc_id
+ endpoints = {
+ s3 = {
+ service = "s3"
+ service_type = "Gateway"
+ tags = { Name = "s3-vpc-endpoint" }
+ route_table_ids = module.vpc.private_route_table_ids
+ },
+ }
+}