From 5f776e834cd987715a61a0e68a3f5c930599f188 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 00:14:06 -0700 Subject: [PATCH 01/19] Add empty Readme file --- web/deploy/terraform/README.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 web/deploy/terraform/README.md diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md new file mode 100644 index 00000000..e69de29b From 842637da19bd8cf1edaada2053879b8ecf1687cf Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 00:34:29 -0700 Subject: [PATCH 02/19] Add general notes section --- web/deploy/terraform/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index e69de29b..a9bf18eb 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -0,0 +1,8 @@ +# Resource Deployment + +## General Notes + +Deployment of infrastructure resources requires [OpenTofu](https://opentofu.org/) (version >=1.8.0). + +When calling modules, the relevant input variables can be found in their `variables.tf` file or sometimes their `variables_state.tf` file. This is where the parametrization takes place. In general, a module's `main.tf` file should only be modified if you would like to change what infrastructure is created. Modifying a module's `main.tf` file should seldom be necessary. + From 559bfa2a6da889f82e082394be66cabb5e40b80a Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 01:09:54 -0700 Subject: [PATCH 03/19] Add section on how to deploy state resources --- web/deploy/terraform/README.md | 45 ++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index a9bf18eb..7673e944 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -6,3 +6,48 @@ Deployment of infrastructure resources requires [OpenTofu](https://opentofu.org/ When calling modules, the relevant input variables can be found in their `variables.tf` file or sometimes their `variables_state.tf` file. This is where the parametrization takes place. In general, a module's `main.tf` file should only be modified if you would like to change what infrastructure is created. Modifying a module's `main.tf` file should seldom be necessary. +## Deployment Steps + +### 0. Bootstrap Step: Deploy State Resources + +> **_Note:_** This step should be run manually on the developer's/infrastructure engineer's local machine. All subsequent steps will be run automatically by a CD workflow. + +> **_Note:_** This step should only be run once for the lifetime of the deployment. + +It is recommended that you use the default variable values, as defined in `modules/state/variables.tf`. If you want to change the values from the defaults, you can add your desired values in `state/main.tf`. You will then need to change the corresponding values in the `variables_state.tf` files of the resources (i.e. `shared`, `staging`, and `production`) to match what you set in `state/main.tf`. This can be done in an automated way by running + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/ +$ # Change DynamoDB state lock table names +$ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/terraform-state-locks/foo-bar-state-locks/g" {} + +$ # Change names of S3 buckets that store OpenTofu state +$ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/osm-terraform-state-storage/foo-bar-state-storage-test/g" {} + +$ # Change AWS region where state resources reside +$ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/us-east-1/us-foobar-1/g" {} + +``` + +Once you have configured the variables (or preferably will be using the defaults), you can deploy the state management resources with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/state/ +$ tofu init +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` + +> **_NOTE:_** In order to prevent accidental destruction, the `state` modules are configured to [prevent destruction](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#prevent_destroy) ([more info on `prevent_destroy`](https://developer.hashicorp.com/terraform/tutorials/state/resource-lifecycle#prevent-resource-deletion)) using OpenTofu. To destroy state resources, you must do so manually in the AWS Management Console. + +### 1. Deploy Shared Resources + +> **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. + +First, for each resource defined by a module in `shared/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables`. + +Then you can deploy the shared resources with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/shared/ +$ tofu init +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` From fd30d24362aa147be8d1bc93f87a3d1a9da6a025 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 01:56:44 -0700 Subject: [PATCH 04/19] Add step for deploying staging resources --- web/deploy/terraform/README.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 7673e944..52920f7a 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -41,7 +41,7 @@ $ tofu apply > **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. -First, for each resource defined by a module in `shared/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables`. +First, for each resource defined by a module in `shared/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. Then you can deploy the shared resources with @@ -51,3 +51,18 @@ $ tofu init $ tofu plan # This is not required, but gives a nice preview $ tofu apply ``` + +### 2. Deploy Staging Resources + +> **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. + +First, for each resource defined by a module in `staging/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. + +Then you can deploy the staging resources with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/staging/ +$ tofu init +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` From 32e297e0f8176cfe1e5299bbe5cc80f8c47385aa Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 01:57:56 -0700 Subject: [PATCH 05/19] Add step for deploying production resources --- web/deploy/terraform/README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 52920f7a..ca390994 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -66,3 +66,18 @@ $ tofu init $ tofu plan # This is not required, but gives a nice preview $ tofu apply ``` + +### 3. Deploy Production Resources + +> **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. + +First, for each resource defined by a module in `production/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. + +Then you can deploy the production resources with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/production/ +$ tofu init +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` From af40313b2a11391349e136c95dd0d493ef9b0cca Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 02:01:41 -0700 Subject: [PATCH 06/19] Add note about redeployment --- web/deploy/terraform/README.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index ca390994..8d801d31 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -52,6 +52,14 @@ $ tofu plan # This is not required, but gives a nice preview $ tofu apply ``` +If you modify the shared deployment, you can redeploy it with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/shared/ +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` + ### 2. Deploy Staging Resources > **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. @@ -67,6 +75,14 @@ $ tofu plan # This is not required, but gives a nice preview $ tofu apply ``` +If you modify the staging deployment, you can redeploy it with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/staging/ +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` + ### 3. Deploy Production Resources > **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. @@ -81,3 +97,11 @@ $ tofu init $ tofu plan # This is not required, but gives a nice preview $ tofu apply ``` + +If you modify the production deployment, you can redeploy it with + +```bash +$ cd ~/path-to-repo/web/deploy/terraform/production/ +$ tofu plan # This is not required, but gives a nice preview +$ tofu apply +``` From 328df4aff8bb6604ecc76bfed3d5b4eccfcbbf18 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Sat, 19 Oct 2024 02:05:54 -0700 Subject: [PATCH 07/19] Autoupdate pre-commit --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a4e89459..d9b963d3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ repos: - repo: https://github.com/astral-sh/ruff-pre-commit # Ruff version. - rev: v0.5.0 + rev: v0.7.0 hooks: # Run the linter. - id: ruff @@ -35,7 +35,7 @@ repos: args: ["--profile", "black"] - repo: https://github.com/tofuutils/pre-commit-opentofu - rev: v1.0.4 + rev: v2.1.0 hooks: - id: tofu_validate - id: tofu_fmt From c3595da0692fca693069ed284e5ad1b00235f49a Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Wed, 23 Oct 2024 21:22:23 -0700 Subject: [PATCH 08/19] Also change module values --- web/deploy/terraform/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 8d801d31..a9d86d45 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -20,10 +20,13 @@ It is recommended that you use the default variable values, as defined in `modul $ cd ~/path-to-repo/web/deploy/terraform/ $ # Change DynamoDB state lock table names $ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/terraform-state-locks/foo-bar-state-locks/g" {} + +$ find modules/ -name "variables.tf" -exec sed -i "s/terraform-state-locks/foo-bar-state-locks/g" {} + $ # Change names of S3 buckets that store OpenTofu state $ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/osm-terraform-state-storage/foo-bar-state-storage-test/g" {} + +$ find modules/ -name "variables.tf" -exec sed -i "s/osm-terraform-state-storage/foo-bar-state-storage-test/g" {} + $ # Change AWS region where state resources reside $ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/us-east-1/us-foobar-1/g" {} + +$ find modules/ -name "variables.tf" -exec sed -i "s/us-east-1/us-foobar-1/g" {} + ``` Once you have configured the variables (or preferably will be using the defaults), you can deploy the state management resources with From 2dffe70ac4902a7df885692da3eb3ac21da7d35a Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 19:36:06 -0700 Subject: [PATCH 09/19] Change commands to change default state resource names --- web/deploy/terraform/README.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index a9d86d45..998b9573 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -19,14 +19,11 @@ It is recommended that you use the default variable values, as defined in `modul ```bash $ cd ~/path-to-repo/web/deploy/terraform/ $ # Change DynamoDB state lock table names -$ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/terraform-state-locks/foo-bar-state-locks/g" {} + -$ find modules/ -name "variables.tf" -exec sed -i "s/terraform-state-locks/foo-bar-state-locks/g" {} + +$ find -name "*.tf" -exec sed -i "s/terraform-state-locks/foo-bar-state-locks/g" {} + $ # Change names of S3 buckets that store OpenTofu state -$ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/osm-terraform-state-storage/foo-bar-state-storage-test/g" {} + -$ find modules/ -name "variables.tf" -exec sed -i "s/osm-terraform-state-storage/foo-bar-state-storage-test/g" {} + +$ find -name "*.tf" -exec sed -i "s/osm-terraform-state-storage/foo-bar-state-storage-test/g" {} + $ # Change AWS region where state resources reside -$ find staging/ shared/ production/ -name "variables_state.tf" -exec sed -i "s/us-east-1/us-foobar-1/g" {} + -$ find modules/ -name "variables.tf" -exec sed -i "s/us-east-1/us-foobar-1/g" {} + +$ find -name "*.tf" -exec sed -i "s/us-east-1/us-foobar-1/g" {} + ``` Once you have configured the variables (or preferably will be using the defaults), you can deploy the state management resources with From 2843aae383ce8268a162af93541fdff4a1fd54b6 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 19:39:22 -0700 Subject: [PATCH 10/19] Add note about running shared resources manually for the first deployment until IAM permissions are fixed --- web/deploy/terraform/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 998b9573..18a1a6bb 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -41,6 +41,8 @@ $ tofu apply > **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. +> **_Note:_** Until IAM policies are fixed, this step must also be run manually when deploying the infrastructure for the first time. + First, for each resource defined by a module in `shared/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. Then you can deploy the shared resources with From 6c383212bb92999fbd6b3bcbdd946d928517d44f Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 19:42:06 -0700 Subject: [PATCH 11/19] Remove unnecessary comment about variables --- web/deploy/terraform/README.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 18a1a6bb..265c204d 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -43,9 +43,7 @@ $ tofu apply > **_Note:_** Until IAM policies are fixed, this step must also be run manually when deploying the infrastructure for the first time. -First, for each resource defined by a module in `shared/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. - -Then you can deploy the shared resources with +You can deploy the shared resources with ```bash $ cd ~/path-to-repo/web/deploy/terraform/shared/ @@ -66,9 +64,7 @@ $ tofu apply > **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. -First, for each resource defined by a module in `staging/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. - -Then you can deploy the staging resources with +You can deploy the staging resources with ```bash $ cd ~/path-to-repo/web/deploy/terraform/staging/ @@ -89,9 +85,7 @@ $ tofu apply > **_Note:_** This step will usually be run by a CD workflow. This step is included here for development/debugging purposes. -First, for each resource defined by a module in `production/main.tf`, make sure that resource's input variables are set to your desired values. You can find the input variables for a module `foo` in `modules/foo/variables.tf`. - -Then you can deploy the production resources with +You can deploy the production resources with ```bash $ cd ~/path-to-repo/web/deploy/terraform/production/ From b2700782503ca4d76543b0b0dd6016518520a536 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 19:47:50 -0700 Subject: [PATCH 12/19] Change section title --- web/deploy/terraform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 265c204d..376b44d6 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -6,7 +6,7 @@ Deployment of infrastructure resources requires [OpenTofu](https://opentofu.org/ When calling modules, the relevant input variables can be found in their `variables.tf` file or sometimes their `variables_state.tf` file. This is where the parametrization takes place. In general, a module's `main.tf` file should only be modified if you would like to change what infrastructure is created. Modifying a module's `main.tf` file should seldom be necessary. -## Deployment Steps +## Manual Deployment Steps ### 0. Bootstrap Step: Deploy State Resources From b541dc79a0493364765ccda8ce402a6fb53f3b49 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 20:08:13 -0700 Subject: [PATCH 13/19] Add general notes for development/deployment workflow --- web/deploy/terraform/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 376b44d6..27dfc2ce 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -101,3 +101,9 @@ $ cd ~/path-to-repo/web/deploy/terraform/production/ $ tofu plan # This is not required, but gives a nice preview $ tofu apply ``` + +## Development/Deployment Workflow + +In general, once everything is configured and resources are up, the only human interaction necessary is during [deployment to production](#deployment-to-production). + +### Deployment to Production From 9f8cc663766baf9cf123154049c4fe938d3f67f6 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 20:09:09 -0700 Subject: [PATCH 14/19] Add notes on deployment to staging and trigger `deploy-opentofu.yml` if it is modified --- .github/workflows/deploy-opentofu.yml | 3 +++ web/deploy/terraform/README.md | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/.github/workflows/deploy-opentofu.yml b/.github/workflows/deploy-opentofu.yml index 1b0c1d7f..b4f4c00c 100644 --- a/.github/workflows/deploy-opentofu.yml +++ b/.github/workflows/deploy-opentofu.yml @@ -7,6 +7,7 @@ on: - '!main' paths: - 'web/deploy/terraform/**' + - '.github/workflows/deploy-opentofu.yml' workflow_dispatch: inputs: development-environment: @@ -29,6 +30,8 @@ on: - closed paths: - 'web/deploy/terraform/**' + - '.github/workflows/deploy-opentofu.yml' + env: working_directory_parent: ./web/deploy/terraform TF_VAR_AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 27dfc2ce..4e8ebec0 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -106,4 +106,12 @@ $ tofu apply In general, once everything is configured and resources are up, the only human interaction necessary is during [deployment to production](#deployment-to-production). +### Deployment to Staging + +When pull requests are merged to main, up to two main workflows are run: [`deploy-docker.yml`](../../../.github/workflows/deploy-docker.yml) and [`deploy-opentofu.yml`](../../../.github/workflows/deploy-opentofu.yml). + +If none of the files in a pull request are included in `web/deploy/terraform` or `.github/workflows/deploy-opentofu.yml`, then only `deploy-docker.yml` will be run and the Docker image on the staging EC2 instance will be pushed and rerun. + +If any of the files in a pull request is included in `web/deploy/terraform` or `.github/workflows/deploy-opentofu.yml`, then both `deploy-docker.yml` and `deploy-opentofu.yml` will be run. In this case, however, `deploy-docker.yml` will see that paths dealing with OpenTofu were modified and terminate early and successfully without doing anything. At the same time, `deploy-opentofu.yml` will run and redeploy both shared and staging resources to the staging EC2 instance. After running all OpenTofu actions successfully, `deploy-opentofu.yml` will run `deploy-docker.yml` as a child workflow via the [`workflow_call`](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow_call) trigger. This way, the potent parts of `deploy-docker.yml`, i.e. the parts that actually build and deploy images, is only run once per merged pull request. + ### Deployment to Production From a1794bba4ac76978c05aad060cc29f681485a6c8 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 20:17:49 -0700 Subject: [PATCH 15/19] Add notes on manual deployment and point production deployment to manual instructions --- web/deploy/terraform/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index 4e8ebec0..bf56f718 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -115,3 +115,13 @@ If none of the files in a pull request are included in `web/deploy/terraform` or If any of the files in a pull request is included in `web/deploy/terraform` or `.github/workflows/deploy-opentofu.yml`, then both `deploy-docker.yml` and `deploy-opentofu.yml` will be run. In this case, however, `deploy-docker.yml` will see that paths dealing with OpenTofu were modified and terminate early and successfully without doing anything. At the same time, `deploy-opentofu.yml` will run and redeploy both shared and staging resources to the staging EC2 instance. After running all OpenTofu actions successfully, `deploy-opentofu.yml` will run `deploy-docker.yml` as a child workflow via the [`workflow_call`](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow_call) trigger. This way, the potent parts of `deploy-docker.yml`, i.e. the parts that actually build and deploy images, is only run once per merged pull request. ### Deployment to Production + +The way to deploy to production is to [manually dispatch your desired workflow](#manual-deployment-from-github-actions). + +Note that running the OpenTofu deployment to production will _not_ redeploy the shared resources. + +### Manual Deployment from GitHub Actions + +You can manually deploy the [Docker images](https://github.com/nimh-dsst/osm/actions/workflows/deploy-docker.yml) and [OpenTofu deployment](https://github.com/nimh-dsst/osm/actions/workflows/deploy-opentofu.yml) by navigating to the appropriate action and clicking the "Run workflow" button to reveal the associated menu. Using that menu, you can dispatch either workflow from an arbitrary branch in the repository to either staging or production. + +Note that running the OpenTofu deployment will automatically run the Docker deployment as a child workflow. From 478a26b13cb9e2b4b1bec9baedb1bc1f9c898c3e Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 20:27:04 -0700 Subject: [PATCH 16/19] Add note about push triggers --- web/deploy/terraform/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index bf56f718..e467359c 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -106,6 +106,8 @@ $ tofu apply In general, once everything is configured and resources are up, the only human interaction necessary is during [deployment to production](#deployment-to-production). +During development, for every push where a file in `web/deploy/terraform` or `.github/workflows/deploy-opentofu.yml` is modified, [`deploy-opentofu.yml`](../../../.github/workflows/deploy-opentofu.yml) will be run, and the actions up to the `tofu plan` steps will be run as feedback for the developer. The `tofu apply` steps will _not_ be run. + ### Deployment to Staging When pull requests are merged to main, up to two main workflows are run: [`deploy-docker.yml`](../../../.github/workflows/deploy-docker.yml) and [`deploy-opentofu.yml`](../../../.github/workflows/deploy-opentofu.yml). From efd7e0ba09273c026f6fbc148c4aa478d5063847 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 20:29:08 -0700 Subject: [PATCH 17/19] Move deprecated files to `deprecated` directory --- web/deploy/{ => deprecated}/README.md | 0 web/deploy/{ => deprecated}/environment.yaml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename web/deploy/{ => deprecated}/README.md (100%) rename web/deploy/{ => deprecated}/environment.yaml (100%) diff --git a/web/deploy/README.md b/web/deploy/deprecated/README.md similarity index 100% rename from web/deploy/README.md rename to web/deploy/deprecated/README.md diff --git a/web/deploy/environment.yaml b/web/deploy/deprecated/environment.yaml similarity index 100% rename from web/deploy/environment.yaml rename to web/deploy/deprecated/environment.yaml From e39ea552f8e906aa4992664fc166faf965f90139 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 20:31:40 -0700 Subject: [PATCH 18/19] Add implementation note --- web/deploy/terraform/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index e467359c..a12e8f53 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -127,3 +127,7 @@ Note that running the OpenTofu deployment to production will _not_ redeploy the You can manually deploy the [Docker images](https://github.com/nimh-dsst/osm/actions/workflows/deploy-docker.yml) and [OpenTofu deployment](https://github.com/nimh-dsst/osm/actions/workflows/deploy-opentofu.yml) by navigating to the appropriate action and clicking the "Run workflow" button to reveal the associated menu. Using that menu, you can dispatch either workflow from an arbitrary branch in the repository to either staging or production. Note that running the OpenTofu deployment will automatically run the Docker deployment as a child workflow. + +## Implementation Notes + +The two main workflows are implemented in [`deploy-docker.yml`](../../../.github/workflows/deploy-docker.yml) and [`deploy-opentofu.yml`](../../../.github/workflows/deploy-opentofu.yml). There are other workflows that are called as child workflows to those two, but they are never called directly themselves. From 1406660324828c6ea9d3d6f4ad98890fd6107087 Mon Sep 17 00:00:00 2001 From: smokestacklightnin <125844868+smokestacklightnin@users.noreply.github.com> Date: Thu, 31 Oct 2024 21:25:49 -0700 Subject: [PATCH 19/19] Add required repository secrets and variables --- web/deploy/terraform/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/web/deploy/terraform/README.md b/web/deploy/terraform/README.md index a12e8f53..6ea30639 100644 --- a/web/deploy/terraform/README.md +++ b/web/deploy/terraform/README.md @@ -6,6 +6,24 @@ Deployment of infrastructure resources requires [OpenTofu](https://opentofu.org/ When calling modules, the relevant input variables can be found in their `variables.tf` file or sometimes their `variables_state.tf` file. This is where the parametrization takes place. In general, a module's `main.tf` file should only be modified if you would like to change what infrastructure is created. Modifying a module's `main.tf` file should seldom be necessary. +## Repository Secrets and Variables + +You must set the following [repository secrets](https://github.com/nimh-dsst/osm/settings/secrets/actions) before running the GitHub workflows: + +* `AWS_ACCOUNT_ID`: The [AWS account ID](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html#FindAccountId) used for the deployments +* `AWS_REGION`: The AWS region where the deployments reside +* `MONGODB_URI`: The URI of the MongoDB holding the data. This variable was temperamental. Please try saving it as a secret surrounded by single quotes `'`. +* `SSH_PRIVATE_KEY`: The private SSH key used to ssh into the ec2 instances +* `SSH_PUBLIC_KEY`: The public SSH key used to ssh into the ec2 instances corresponding to the above private key +* `SSH_PROD_HOST`: The static IP address of the production ec2 instance +* `SSH_STAGE_HOST`: The static IP address of the staging ec2 instance +* `LETSENCRYPT_ADMIN_EMAIL`: The email address associated with the Let's Encrypt certificate + +You must also set the following [repository variables](https://github.com/nimh-dsst/osm/settings/variables/actions) before running the GitHub workflows: + +* `PRODUCTION_DEPLOYMENT_URI`: The URL of the production deployment. Probably `'opensciencemetrics.org'` (including single quotes `'`) +* `STAGING_DEPLOYMENT_URI`: The URL of the staging deployment. Probably `'dev.opensciencemetrics.org'` (including single quotes `'`) + ## Manual Deployment Steps ### 0. Bootstrap Step: Deploy State Resources