-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: add Terraform to configure Scalingo and MEP
- Loading branch information
1 parent
9f64e76
commit 7b42018
Showing
17 changed files
with
488 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# Configuration de NPM | ||
NODE_MODULES_CACHE="${NODE_MODULES_CACHE:-true}" | ||
NPM_CONFIG_PRODUCTION="${NPM_CONFIG_PRODUCTION:-true}" | ||
|
||
# Configuration de Strapi | ||
DATABASE_URL='$SCALINGO_POSTGRESQL_URL' | ||
ADMIN_JWT_SECRET="${ADMIN_JWT_SECRET}" | ||
API_TOKEN_SALT="${ADMIN_JWT_SECRET}" | ||
APP_KEYS="${APP_KEYS}" | ||
JWT_SECRET="${JWT_SECRET}" | ||
STRAPI_TELEMETRY_DISABLED="${STRAPI_TELEMETRY_DISABLED:-true}" | ||
|
||
# Minio utilisé pour le stockage des médias | ||
MINIO_ACCESS_KEY="${MINIO_ACCESS_KEY}" | ||
MINIO_BUCKET="${MINIO_BUCKET}" | ||
MINIO_ENDPOINT="${MINIO_ENDPOINT}" | ||
MINIO_SECRET_KEY="${MINIO_SECRET_KEY}" | ||
|
||
# MeiliSearch | ||
PLUGIN_MEILISEARCH_API_KEY="${PLUGIN_MEILISEARCH_API_KEY}" | ||
PLUGIN_MEILISEARCH_URL="${PLUGIN_MEILISEARCH_URL}" | ||
MEILISEARCH_BATCH_SIZE="${MEILISEARCH_BATCH_SIZE:-100}" | ||
|
||
# Sentry | ||
SENTRY_DSN="${SENTRY_DSN}" | ||
SENTRY_ENVIRONMENT="${SENTRY_ENVIRONMENT}" # "production", "recette" or "dev" | ||
|
||
# Variables auto-configurées par Scalingo : | ||
# - SCALINGO_POSTGRESQL_URL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,7 @@ | ||
{ | ||
"enabled": true, | ||
"extends": ["github>SocialGouv/renovate-config"] | ||
"extends": ["github>SocialGouv/renovate-config"], | ||
"nvm": { | ||
"enabled": true | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
name: Mise en production | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
purge_cloudflare_cache: | ||
description: 'Faut-il vider le cache Cloudflare après le déploiement ?' | ||
type: boolean | ||
default: false | ||
|
||
jobs: | ||
backup: | ||
name: Sauvegarder la base de données PostgreSQL | ||
runs-on: ubuntu-latest | ||
environment: | ||
name: scalingo-production | ||
url: https://www.1jeune1solution.gouv.fr | ||
steps: | ||
- name: Configurer la CLI Scalingo | ||
uses: scalingo-community/[email protected] | ||
with: | ||
api_token: ${{ secrets.SCALINGO_API_TOKEN }} | ||
region: ${{ vars.SCALINGO_REGION }} | ||
app_name: ${{ secrets.TF_VAR_NOM_DE_L_APPLICATION }} | ||
- name: Créer une sauvegarde de la base PostgreSQL Scalingo | ||
run: | | ||
POSTGRESQL_ADDON_ID=$(scalingo addons | grep -i postgresql | awk 'BEGIN{FS=" [|] "}{print $2}') | ||
scalingo backups-create --addon $POSTGRESQL_ADDON_ID | ||
terraform: | ||
uses: DNUM-SocialGouv/1j1s-front/.github/workflows/terraform-template.yml@main | ||
secrets: inherit | ||
with: | ||
apply: true | ||
environnement_name: scalingo-production | ||
environnement_url: https://www.1jeune1solution.gouv.fr | ||
concurrency: terraform-state-production # Evite les conflits sur le state Terraform | ||
|
||
deployment: | ||
name: Déployer le code sur Scalingo | ||
needs: [terraform, backup] | ||
runs-on: ubuntu-latest | ||
environment: | ||
name: scalingo-production | ||
url: https://www.1jeune1solution.gouv.fr | ||
steps: | ||
- name: Configurer la CLI Scalingo | ||
uses: scalingo-community/[email protected] | ||
with: | ||
api_token: ${{ secrets.SCALINGO_API_TOKEN }} | ||
region: ${{ vars.SCALINGO_REGION }} | ||
app_name: ${{ secrets.TF_VAR_NOM_DE_L_APPLICATION }} | ||
- name: Déployer le code sur Scalingo | ||
run: | | ||
scalingo integration-link-manual-deploy main | ||
cloudflare: | ||
name: Purger le cache Cloudflare | ||
needs: scalingo | ||
runs-on: ubuntu-latest | ||
if: ${{ inputs.purge_cloudflare_cache == true }} | ||
|
||
steps: | ||
- name: Purger le cache Cloudflare | ||
uses: nathanvaughn/[email protected] | ||
with: | ||
cf_zone: ${{ secrets.CLOUDFLARE_ZONE_ID }} | ||
cf_auth: ${{ secrets.CLOUDFLARE_API_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
11 changes: 4 additions & 7 deletions
11
.github/workflows/test-ci.yml → .github/workflows/run-unit-tests.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,14 @@ | ||
name: Test | ||
name: Tests unitaires | ||
on: [push] | ||
jobs: | ||
Test: | ||
if: "!contains(github.event.head_commit.message, 'WIP')" | ||
tests-unitaires: | ||
if: ${{ !contains(github.event.head_commit.message, 'WIP') }} | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
node-version: [18.12.1] | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: ${{matrix.node-version}} | ||
node-version-file: ".nvmrc" | ||
cache: 'npm' | ||
- run: npm ci | ||
- run: npm test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: Simulation de déploiement Terraform | ||
|
||
# Exécute le plan uniquement quand des modifications sont apportées | ||
# - aux fichiers Terraform | ||
# - aux variables d'environnement | ||
# dans une pull request | ||
on: | ||
pull_request: | ||
branches: [ main ] | ||
paths: | ||
- 'terraform/**' | ||
- '.github/workflows/terraform-*.yml' | ||
- '.env.scalingo' | ||
|
||
jobs: | ||
# Quand le job est exécuté sur une pull request le "plan" s'éxécute sur la recette | ||
# sauf si la pull request est générée par release-please, auquel cas le "plan" s'éxécute sur la production | ||
terraform_plan: | ||
uses: DNUM-SocialGouv/1j1s-front/.github/workflows/terraform-template.yml@main | ||
secrets: inherit | ||
with: | ||
plan: true | ||
environnement_name: ${{ startsWith(github.head_ref, 'release-please--') && 'scalingo-production' || 'scalingo-recette' }} | ||
environnement_url: ${{ startsWith(github.head_ref, 'release-please--') && 'https://www.1jeune1solution.gouv.fr' || 'https://recette.1jeune1solution.gouv.fr' }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
name: Déploiement en Recette | ||
|
||
# Déploie le code Terraform lors de chaque commit/merge sur la branche "main" | ||
# une fois que c'est réussi, normalement l'intégration Github<=>Scalingo automatique va déployer | ||
# la branche main sur l'app 1j1s-front (qui correspond à la recette) | ||
# c'est pour ça qu'on ne déploie pas Scalingo ici | ||
on: | ||
push: | ||
branches: [ main ] | ||
|
||
jobs: | ||
recette: | ||
uses: DNUM-SocialGouv/1j1s-front/.github/workflows/terraform-template.yml@main | ||
secrets: inherit | ||
with: | ||
apply: true | ||
environnement_name: scalingo-recette | ||
environnement_url: https://recette.1jeune1solution.gouv.fr | ||
concurrency: terraform-state-recette # Evite les conflits sur le state Terraform |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,17 @@ | ||
export default ({ env }: any) => ({ | ||
connection: { | ||
client: "postgres", | ||
export default ({ env }: any) => { | ||
const databaseURL = env("DATABASE_URL", "postgres://database-user:[email protected]:5432/cms-principal") | ||
|
||
return { | ||
connection: { | ||
host: env("DATABASE_HOST", "127.0.0.1"), | ||
port: env.int("DATABASE_PORT", 5432), | ||
database: env("DATABASE_NAME", "cms-principal"), | ||
user: env("DATABASE_USERNAME", "database-user"), | ||
password: env("DATABASE_PASSWORD", "database-password"), | ||
ssl: env.bool("DATABASE_SSL", false), | ||
client: "postgres", | ||
connection: { | ||
host: databaseURL.hostname, | ||
port: databaseURL.port, | ||
database: databaseURL.pathname.substr(1), | ||
user: databaseURL.username, | ||
password: databaseURL.password, | ||
ssl: env.bool("DATABASE_SSL", false), | ||
}, | ||
}, | ||
}, | ||
}); | ||
} | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.