Apply configure platform-test-rails patch

.github/workflows/cd-app.yml → .github/workflows/cd-app-rails.yml

@@ -1,4 +1,4 @@
-name: Deploy App
+name: Deploy app-rails
 # Need to set a default value for when the workflow is triggered from a git push
 # which bypasses the default configuration for inputs
 run-name: Deploy ${{ github.ref_name }} to App ${{ inputs.environment || 'dev' }}
@@ -9,7 +9,7 @@ on:
  # branches:
  # - "main"
  # paths:
- # - "app/**"
+ # - "app-rails/**"
  # - "bin/**"
  # - "infra/**"
  workflow_dispatch:
@@ -29,5 +29,5 @@ jobs:
  name: Deploy
  uses: ./.github/workflows/deploy.yml
  with:
- app_name: "app"
+ app_name: "app-rails"
  environment: ${{ inputs.environment || 'dev' }}

.github/workflows/ci-app-vulnerability-scans.yml → .github/workflows/ci-app-rails-vulnerability-scans.yml

@@ -5,22 +5,22 @@ on:
  branches:
  - main
  paths:
- - app/**
+ - app-rails/**
  - .grype.yml
  - .hadolint.yaml
  - .trivyignore
- - .github/workflows/ci-app-vulnerability-scans.yml
+ - .github/workflows/ci-app-rails-vulnerability-scans.yml
  pull_request:
  paths:
- - app/**
+ - app-rails/**
  - .grype.yml
  - .hadolint.yaml
  - .trivyignore
- - .github/workflows/ci-app-vulnerability-scans.yml
+ - .github/workflows/ci-app-rails-vulnerability-scans.yml
 
 jobs:
  vulnerability-scans:
  name: Vulnerability Scans
  uses: ./.github/workflows/vulnerability-scans.yml
  with:
- app_name: "app"
+ app_name: "app-rails"

infra/accounts/dev.590183764781.s3.tfbackend

@@ -0,0 +1,4 @@
+bucket = "platform-test-rails-590183764781-us-east-1-tf"
+key = "infra/account.tfstate"
+dynamodb_table = "platform-test-rails-590183764781-us-east-1-tf-state-locks"
+region = "us-east-1"

infra/app/app-config/dev.tf → infra/app-rails/app-config/dev.tf

@@ -6,14 +6,14 @@ module "dev_config" {
  environment = "dev"
  account_name = "dev"
  network_name = "dev"
- domain_name = null
- enable_https = false
+ domain_name = "platform-test-rails-dev.navateam.com"
+ enable_https = true
  has_database = local.has_database
  has_incident_management_service = local.has_incident_management_service
  enable_identity_provider = local.enable_identity_provider
 
  # Enables ECS Exec access for debugging or jump access.
  # See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html
  # Defaults to `false`. Uncomment the next line to enable.
- # enable_command_execution = true
+ enable_command_execution = true
 }

infra/app/app-config/env-config/environment-variables.tf → infra/app-rails/app-config/env-config/environment-variables.tf

@@ -30,5 +30,10 @@ locals {
  # manage_method = "manual"
  # secret_store_name = "/${var.app_name}-${var.environment}/secret-sauce"
  # }
+
+ SECRET_KEY_BASE = {
+ manage_method = "generated"
+ secret_store_name = "/${var.app_name}-${var.environment}/service/rails-secret-key-base"
+ }
  }
 }

infra/app-rails/app-config/feature-flags.tf

@@ -0,0 +1,3 @@
+locals {
+ feature_flags = []
+}

infra/app/app-config/main.tf → infra/app-rails/app-config/main.tf

@@ -20,7 +20,7 @@ locals {
  # If enabled, the networks associated with this application's environments
  # will have NAT gateways, which allows the service in the private subnet to
  # make calls to the internet.
- has_external_non_aws_service = false
+ has_external_non_aws_service = true
 
  has_incident_management_service = false
 
@@ -29,7 +29,7 @@ locals {
  # 1. A Cognito user pool will be created
  # 2. A Cognito user pool app client will be created
  # 3. Environment variables for the app client will be added to the service
- enable_identity_provider = false
+ enable_identity_provider = true
 
  environment_configs = {
  dev = module.dev_config

infra/app-rails/build-repository/shared.s3.tfbackend

@@ -0,0 +1,4 @@
+bucket = "platform-test-rails-590183764781-us-east-1-tf"
+key = "infra/app-rails/build-repository/shared.tfstate"
+dynamodb_table = "platform-test-rails-590183764781-us-east-1-tf-state-locks"
+region = "us-east-1"

infra/app-rails/database/dev.s3.tfbackend

@@ -0,0 +1,4 @@
+bucket = "platform-test-rails-590183764781-us-east-1-tf"
+key = "infra/app-rails/database/dev.tfstate"
+dynamodb_table = "platform-test-rails-590183764781-us-east-1-tf-state-locks"
+region = "us-east-1"

infra/app-rails/service/dev.s3.tfbackend

@@ -0,0 +1,4 @@
+bucket = "platform-test-rails-590183764781-us-east-1-tf"
+key = "infra/app-rails/service/dev.tfstate"
+dynamodb_table = "platform-test-rails-590183764781-us-east-1-tf-state-locks"
+region = "us-east-1"

infra/networks/dev.s3.tfbackend

@@ -0,0 +1,4 @@
+bucket = "platform-test-rails-590183764781-us-east-1-tf"
+key = "infra/networks/dev.tfstate"
+dynamodb_table = "platform-test-rails-590183764781-us-east-1-tf-state-locks"
+region = "us-east-1"

infra/networks/main.tf

@@ -65,7 +65,7 @@ module "project_config" {
 }
 
 module "app_config" {
- source = "../app/app-config"
+ source = "../app-rails/app-config"
 }
 
 module "network" {

infra/project-config/main.tf

@@ -1,18 +1,18 @@
 locals {
  # Machine readable project name (lower case letters, dashes, and underscores)
  # This will be used in names of AWS resources
- project_name = "<PROJECT_NAME>"
+ project_name = "platform-test-rails"
 
  # Project owner (e.g. navapbc). Used for tagging infra resources.
- owner = "<OWNER>"
+ owner = "navapbc"
 
  # URL of project source code repository
- code_repository_url = "<REPO_URL>"
+ code_repository_url = "https://github.com/navapbc/platform-test-rails"
 
  # Default AWS region for project (e.g. us-east-1, us-east-2, us-west-1).
  # This is dependent on where your project is located (if regional)
  # otherwise us-east-1 is a good default
- default_region = "<DEFAULT_REGION>"
+ default_region = "us-east-1"
 
  github_actions_role_name = "${local.project_name}-github-actions"
 

infra/project-config/networks.tf

@@ -8,7 +8,7 @@ locals {
  # Placeholder value for the hosted zone
  # A hosted zone represents a domain and all of its subdomains. For example, a
  # hosted zone of foo.domain.com includes foo.domain.com, bar.foo.domain.com, etc.
- hosted_zone = "hosted.zone.for.dev.network.com"
+ hosted_zone = "platform-test-rails-dev.navateam.com"
 
  certificate_configs = {
  # Example certificate configuration for a certificate that is managed by the project
@@ -23,6 +23,9 @@ locals {
  # private_key_ssm_name = "/certificates/sub.domain.com/private-key"
  # certificate_body_ssm_name = "/certificates/sub.domain.com/certificate-body"
  # }
+ "platform-test-rails-dev.navateam.com" = {
+ source = "issued"
+ }
  }
  }
  }