fix: routes (#14)

add: acr route
already applied on dev.
previously failing job:
https://github.com/comsysto/wp10-image-factory/actions/runs/10973783705/attempts/2
now succeeded:
https://github.com/comsysto/wp10-image-factory/actions/runs/10973783705
also added:
- tags to all Azure resources
- terraform README.md for every module

README-terraform.md → docs/README-terraform.md

@@ -1,10 +1,3 @@
-# wp10-image-factory
-Frame Contract WP10 Image Factory
-
-# Contents
-- `terraform-init` - terraform code for setting up an Azure Storage Account that can be used for saving the terraform state
-- `terraform` - terraform modules for deploying the resource group, virtual network, subnet, VM
-
 # Requirements
 - Access to Azure Resource Manager
 - `terraform >=1.0.0`, tested with `1.9.5`

terraform-init/README.md

@@ -0,0 +1,40 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~>3.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | ~>3.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_state_storage"></a> [state\_storage](#module\_state\_storage) | ./modules/state-storage | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix of the resource name | `string` | `"wp10"` | no |
+| <a name="input_state_env_tag"></a> [state\_env\_tag](#input\_state\_env\_tag) | Environment tag applied to all created resources | `string` | `"dev"` | no |
+| <a name="input_state_project_tag"></a> [state\_project\_tag](#input\_state\_project\_tag) | Project tag applied to all created resources | `string` | `"wp10"` | no |
+| <a name="input_state_rg_location"></a> [state\_rg\_location](#input\_state\_rg\_location) | Location of the resource group | `string` | `"westeurope"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | Name of the created resource group. Value needed for `config.azurerm.tfbackend` |
+| <a name="output_state_container_name"></a> [state\_container\_name](#output\_state\_container\_name) | Name of the storage account container used for the terraform state. Value needed for `config.azurerm.tfbackend` |
+| <a name="output_state_storage_account_name"></a> [state\_storage\_account\_name](#output\_state\_storage\_account\_name) | Name of the storage account used for terraform state backend. Value needed for `config.azurerm.tfbackend` |
+<!-- END_TF_DOCS -->

terraform-init/modules.tf

@@ -1,6 +1,9 @@
 module "state_storage" {
  source = "./modules/state-storage"
- 
- prefix = var.prefix
+
+ prefix  = var.prefix
  resource_group_location = var.state_rg_location
+ state_env_tag = var.state_env_tag
+ state_project_tag = var.state_project_tag
+
 }

terraform-init/modules/state-storage/README.md

@@ -1 +1,43 @@
-TODO
+TODO
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_resource_group.state_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_storage_account.tfstate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
+| [azurerm_storage_container.tfstate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [random_string.resource_code](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix of the resource name. | `string` | n/a | yes |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group. | `string` | n/a | yes |
+| <a name="input_state_env_tag"></a> [state\_env\_tag](#input\_state\_env\_tag) | Environment tag applied to all created resources. | `string` | n/a | yes |
+| <a name="input_state_project_tag"></a> [state\_project\_tag](#input\_state\_project\_tag) | Project tag applied to all created resources. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | Name of the created resource group. Value needed for config.azurerm.tfbackend. |
+| <a name="output_state_container_name"></a> [state\_container\_name](#output\_state\_container\_name) | Name of the storage account container used for the terraform state. Value needed for config.azurerm.tfbackend. |
+| <a name="output_state_storage_account_name"></a> [state\_storage\_account\_name](#output\_state\_storage\_account\_name) | Name of the storage account used for terraform state backend. Value needed for config.azurerm.tfbackend. |
+<!-- END_TF_DOCS -->

terraform-init/modules/state-storage/output.tf

@@ -1,11 +1,14 @@
 output "resource_group_name" {
- value = azurerm_resource_group.state_rg.name
+ value = azurerm_resource_group.state_rg.name
+ description = "Name of the created resource group. Value needed for config.azurerm.tfbackend."
 }
 
 output "state_storage_account_name" {
- value = azurerm_storage_account.tfstate.name
+ value = azurerm_storage_account.tfstate.name
+ description = "Name of the storage account used for terraform state backend. Value needed for config.azurerm.tfbackend."
 }
 
 output "state_container_name" {
- value = azurerm_storage_container.tfstate.name
+ value = azurerm_storage_container.tfstate.name
+ description = "Name of the storage account container used for the terraform state. Value needed for config.azurerm.tfbackend."
 }

terraform-init/modules/state-storage/storage.tf

@@ -1,18 +1,24 @@
 resource "azurerm_resource_group" "state_rg" {
  location = var.resource_group_location
  name = "${var.prefix}-state-rg"
+
+ tags = {
+ environment = var.state_env_tag
+ project = var.state_project_tag
+ }
 }
 
 resource "azurerm_storage_account" "tfstate" {
- name = "tfstate${random_string.resource_code.result}"
- resource_group_name = azurerm_resource_group.state_rg.name
- location = azurerm_resource_group.state_rg.location
- account_tier = "Standard"
- account_replication_type = "LRS"
+ name  = "tfstate${random_string.resource_code.result}"
+ resource_group_name  = azurerm_resource_group.state_rg.name
+ location  = azurerm_resource_group.state_rg.location
+ account_tier  = "Standard"
+ account_replication_type  = "LRS"
  allow_nested_items_to_be_public = false
 
  tags = {
- environment = "staging"
+ environment = var.state_env_tag
+ project = var.state_project_tag
  }
 }
 

terraform-init/modules/state-storage/variables.tf

@@ -1,9 +1,19 @@
 variable "prefix" {
  type = string
- description = "Prefix of the resource name"
+ description = "Prefix of the resource name."
 }
 
 variable "resource_group_location" {
  type = string
  description = "Location of the resource group."
+}
+
+variable "state_env_tag" {
+ type = string
+ description = "Environment tag applied to all created resources."
+}
+
+variable "state_project_tag" {
+ type = string
+ description = "Project tag applied to all created resources."
 }

terraform-init/outputs.tf

@@ -1,11 +1,14 @@
 output "resource_group_name" {
- value = module.state_storage.resource_group_name
+ value = module.state_storage.resource_group_name
+ description = "Name of the created resource group. Value needed for `config.azurerm.tfbackend`"
 }
 
 output "state_storage_account_name" {
- value = module.state_storage.state_storage_account_name
+ value = module.state_storage.state_storage_account_name
+ description = "Name of the storage account used for terraform state backend. Value needed for `config.azurerm.tfbackend`"
 }
 
 output "state_container_name" {
- value = module.state_storage.state_container_name
+ value = module.state_storage.state_container_name
+ description = "Name of the storage account container used for the terraform state. Value needed for `config.azurerm.tfbackend`"
 }

terraform-init/variables.tf

@@ -1,11 +1,6 @@
 variable "state_rg_location" {
  default = "westeurope"
- description = "Location of the resource group."
-}
-
-variable "resource_group_location" {
- default = "westeurope"
- description = "Location of the resource group."
+ description = "Location of the resource group"
 }
 
 variable "prefix" {
@@ -14,3 +9,15 @@ variable "prefix" {
  description = "Prefix of the resource name"
 }
 
+variable "state_env_tag" {
+ type = string
+ default = "dev"
+ description = "Environment tag applied to all created resources"
+}
+
+variable "state_project_tag" {
+ type = string
+ default = "wp10"
+ description = "Project tag applied to all created resources"
+}
+

terraform/README.md

@@ -0,0 +1,49 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.0 |
+| <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) | ~>1.15 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~>3.0 |
+| <a name="requirement_external"></a> [external](#requirement\_external) | 2.3.4 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | 6.3.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | ~>3.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_acg"></a> [acg](#module\_acg) | ./modules/acg | n/a |
+| <a name="module_acr"></a> [acr](#module\_acr) | ./modules/acr | n/a |
+| <a name="module_firewall"></a> [firewall](#module\_firewall) | ./modules/firewall | n/a |
+| <a name="module_github_output"></a> [github\_output](#module\_github\_output) | ./modules/github_output | n/a |
+| <a name="module_network"></a> [network](#module\_network) | ./modules/network | n/a |
+| <a name="module_runner"></a> [runner](#module\_runner) | ./modules/runner | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_env_tag"></a> [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | `"dev"` | no |
+| <a name="input_local_development"></a> [local\_development](#input\_local\_development) | Development purposes only: set to 'true' when running terraform apply locally. Outputs SSH private key to the terraform directory | `bool` | `false` | no |
+| <a name="input_project_tag"></a> [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | `"wp10"` | no |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository in which to save output secrets | `string` | `"wp10-image-factory"` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Location of the resource group | `string` | `"westeurope"` | no |
+| <a name="input_runner_image_id"></a> [runner\_image\_id](#input\_runner\_image\_id) | Shared Image Gallery ID of the runner VM image | `string` | `"/subscriptions/218f1214-da01-4678-8025-4e14a989e315/resourceGroups/wp10-tf-dev-rg/providers/Microsoft.Compute/galleries/wp10ImageFactoryGallery/images/image-factory-vm/versions/1.0.34"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_network_name"></a> [network\_name](#output\_network\_name) | Name of the created resource group. |
+| <a name="output_runner_data"></a> [runner\_data](#output\_runner\_data) | Prints out runner data if `local_development` is set to `true`. |
+<!-- END_TF_DOCS -->

terraform/modules.tf

@@ -3,6 +3,8 @@ module "network" {
 
  prefix = local.prefix
  resource_group_location = var.resource_group_location
+ env_tag = var.env_tag
+ project_tag = var.project_tag
 }
 
 module "runner" {
@@ -15,6 +17,8 @@ module "runner" {
  public_subnet_id = module.network.public_subnet.id
  private_subnet_id = module.network.private_subnet.id
  runner_image_id = var.runner_image_id
+ env_tag = var.env_tag
+ project_tag = var.project_tag
 }
 
 
@@ -26,6 +30,8 @@ module "acr" {
  resource_group_name = module.network.resource_group.name
  virtual_network = module.network.azurerm_virtual_network
  subnet_id = module.network.private_subnet.id
+ env_tag = var.env_tag
+ project_tag = var.project_tag
 }
 
 module "acg" {
@@ -36,6 +42,8 @@ module "acg" {
  resource_group_name = module.network.resource_group.name
  subnet_id = module.network.private_subnet.id
  virtual_network = module.network.azurerm_virtual_network
+ env_tag = var.env_tag
+ project_tag = var.project_tag
 }
 
 module "firewall" {
@@ -47,6 +55,8 @@ module "firewall" {
  public_subnet_id = module.network.public_subnet.id
  private_subnet_id = module.network.private_subnet.id
  virtual_network = module.network.azurerm_virtual_network.name
+ env_tag = var.env_tag
+ project_tag = var.project_tag
 }
 
 module "github_output" {

terraform/modules/acg/README.md

@@ -0,0 +1,39 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_shared_image_gallery.factory_image_gallery](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_env_tag"></a> [env\_tag](#input\_env\_tag) | Environment tag applied to all created resources | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix of the resource name | `string` | n/a | yes |
+| <a name="input_project_tag"></a> [project\_tag](#input\_project\_tag) | Project tag applied to all created resources | `string` | n/a | yes |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Azure region | `string` | n/a | yes |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of the existing resource group | `string` | n/a | yes |
+| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | Private endpoint subnet | `string` | n/a | yes |
+| <a name="input_virtual_network"></a> [virtual\_network](#input\_virtual\_network) | Virtual network | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_gallery_id"></a> [gallery\_id](#output\_gallery\_id) | Shared Image Gallery ID |
+<!-- END_TF_DOCS -->

terraform/modules/acg/main.tf

@@ -6,4 +6,10 @@ resource "azurerm_shared_image_gallery" "factory_image_gallery" {
  resource_group_name = var.resource_group_name
  location = var.resource_group_location
  description = "Gallery for storing golden images"
+
+ tags = {
+ environment = var.env_tag
+ project = var.project_tag
+ }
 }
+

terraform/modules/acg/outputs.tf

@@ -1,4 +1,4 @@
-# Export Outputs
 output "gallery_id" {
- value = azurerm_shared_image_gallery.factory_image_gallery.id
+ value = azurerm_shared_image_gallery.factory_image_gallery.id
+ description = "Shared Image Gallery ID"
 }