Skip to content

phillamb168/rh-github-prez

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

89 Commits
.github/workflows
.github/workflows
 
 
code
code
 
 
devops
devops
 
 
README.md
README.md
 
 
aws-secrets.gif
aws-secrets.gif
 
 
phpcs.xml
phpcs.xml
 
 

Repository files navigation

Nigh-instantaneous CI/CD

This project utilizes Terraform, Terragrunt, AWS, and a PHP-based CMS of your choice - for this specific example, we are using Drupal.

Getting Started & Documentation

Documentation is available on each of the aforementioned repositories or websites.

Prerequisites

  • Create a Github Bot account. I created one with the username 'phillamb168bot' and appended '+githubbot' to my current email address. Add this account as a collaborator under your repo's access management.
  • Create a Github Bot Token FROM YOUR BOT ACCOUNT. See Github Token Creation for more information.
  • Create a console account with AWS
    • Your account will be provisioned with an AWS access key and secret.
    • Create an EC2 Keypair as well.
    • Keep it secret - keep it safe.
  • Register a domain with Route53
    • Be sure to make note of the "Hosted Zone ID" once the domain is created - you'll need to add it as the zone_id in terraform-modules/webserver/main.tf, under the resource "aws_route53_record" "validation" resource.
  • Create an S3 bucket with an easy-to-remember label. This will be where your TFState files are kept. Ensure that 'Block all public access' is checked, then, after creation of the bucket, go to the 'Permissions' tab and then 'Access Control List.' 'Access for Bucket Owner' should have 'Yes' listed across all four permissions groups.
  • Optional: Create an additional S3 bucket that will contain your private files. You will want to check 'Block all public access.'
  • Optional: Create an additional S3 bucket that will contain your publicly-served files. You will want to uncheck 'Block all public access.'
  • Create a keypair with the name github_deploy_key and add it as a deploy key to your Github repo. IMPORTANT: Currently, this key is checked in to the devops repo. It is therefore imperative that you not check 'Allow write access' on the Github Add Key form. Store the keypair in /devops/files.
  • Modify the Directory directives starting at around line 129 of files/httpd.conf to match your particular requirements.
  • Modify files/php-7.2.ini if necessary (probably not necessary though).
  • Modify the git clone portion of packer.json to match your repo.

Initial configuration

  • Modify terraform.tfvars bucket config definition to match the S# bucket you created earlier.
  • Modify webserver terraform.tfvars to match your setup.

License

License: GPL v3

Non-Github version

If you don't want to use Github or Github actions for this config, ensure that you have the following:

  • AWS Account (there is free tier if you don't have an account yet)
  • aws-cli (latest)
  • Packer (latest)
  • Terraform v0.11.14 (other versions may work too)
  • librarian-chef 0.0.4

First, create the webserver image:

packer build \
        -var "aws_access_key=MAHPUBLICKKEY" \
        -var "aws_secret_key=MAHSEEKRITKEY" \
        -var "region=us-east-1" \
        -var "build_version=1" \
        packer.json

Next, run Terragrunt and get everything deployed:

cd <environment>/
terragrunt init
AWS_PROFILE=myaccount terragrunt apply-all

@To-Dos

  • Move domain-related configuration into environment-specific tfvars files.
  • Properly handle permissions for the deploy key.
  • Modify Github Actions to look at release tags for versioning information.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages