Intial Commit

.config/playbooks/config.yml

@@ -0,0 +1,35 @@
+---
+- name: Install Docker
+  hosts: localhost
+  become: true
+
+  tasks:
+    - name: Ensure the system is up to date
+      yum:
+        name: "*"
+        state: latest
+
+    - name: Install Docker
+      shell: |
+        amazon-linux-extras enable docker
+        yum install -y docker
+
+    - name: Start Docker service
+      systemd:
+        name: docker
+        state: started
+        enabled: yes
+
+    - name: Add ec2-user to the docker group
+      user:
+        name: ec2-user
+        groups: docker
+        append: yes
+
+    - name: Verify Docker installation
+      command: docker --version
+      register: docker_version
+
+    - name: Print Docker version
+      debug:
+        msg: "Docker version installed: {{ docker_version.stdout }}"

.env.prod

@@ -0,0 +1 @@
+CALLME_SERVICE_URL=http://54.229.62.240:8000/callme

.github/workflows/ci-cd-prod.yml

@@ -0,0 +1,99 @@
+name: build and deploy
+
+on:
+  push:
+    paths-ignore:
+      - 'README.md'
+      - '.gitignore'
+    branches: [ "main" ]
+  workflow_dispatch:
+
+jobs:
+  ci-cd-prod-build-push:
+    runs-on: ubuntu-latest
+    env:
+      S3_BUCKET: web-config-scripts-bucket
+      TERRAFORM_VAR_FILE: prod.tfvars
+      REGION: eu-central-1
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up AWS CLI
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.REGION }}
+
+      - name: Upload playbook to S3
+        run: |
+          aws s3 cp .config/playbooks/config.yml s3://${{ env.S3_BUCKET }}/config.yml
+
+      - name: Install Terraform
+        run: |
+          sudo apt-get install -y gnupg software-properties-common curl
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+          sudo apt-add-repository "deb https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+          sudo apt-get install -y terraform
+          terraform --version
+      
+      - name: Terraform Apply
+        id: apply
+        run: |
+          cd .infra/prod
+          terraform init
+          terraform apply -var-file=${{ env.TERRAFORM_VAR_FILE }} -auto-approve
+          echo "PUBLIC_IP=$(terraform output -raw ec2_public_ip)" >> $GITHUB_ENV
+          echo "INSTANCE_ID=$(terraform output -raw ec2_instance_id)" >> $GITHUB_ENV
+        continue-on-error: false
+
+      - name: Docker Login
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Version
+        id: version
+        run: echo "RUN_NUMBER=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV
+
+      - name: Build and Tag Docker Image
+        run: |
+          docker build -t ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:${{ env.RUN_NUMBER }} .
+          docker tag ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:${{ env.RUN_NUMBER }} ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:latest
+      
+      - name: Push Docker Image
+        run: |
+          docker push ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:${{ env.RUN_NUMBER }}
+          docker push ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:latest
+      
+      - name: Check EC2 Status Checks
+        id: ec2-status-check
+        run: |
+          while true; do
+            STATUS=$(aws ec2 describe-instance-status --instance-ids $INSTANCE_ID --query 'InstanceStatuses[0].InstanceStatus.Status' --output text)
+            SYSTEM_STATUS=$(aws ec2 describe-instance-status --instance-ids $INSTANCE_ID --query 'InstanceStatuses[0].SystemStatus.Status' --output text)
+            if [[ "$STATUS" == "ok" && "$SYSTEM_STATUS" == "ok" ]]; then
+              echo "Both EC2 status checks are complete."
+              break
+            else
+              echo "Waiting for EC2 status checks to complete..."
+              sleep 60
+            fi
+          done
+      
+      - name: Deploy to EC2
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ env.PUBLIC_IP }}
+          username: ${{ secrets.USERNAME }}
+          key: ${{ secrets.EC2_KEY }}
+          script: |
+            docker stop example-app || true
+            docker rm example-app || true
+            docker pull ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:${{ env.RUN_NUMBER }}
+            docker run -d --name example-app -p 8000:8000 ${{ secrets.DOCKER_HUB_USERNAME }}/example-app:${{ env.RUN_NUMBER }}
+            sleep 5s
+            curl -X 'POST' 'http://${{ env.PUBLIC_IP }}:8000/start' -H 'Content-Type: application/json' -d '{"url": "http://${{ env.PUBLIC_IP }}:8000/hello"}'

.gitignore

@@ -0,0 +1,165 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+#terraform
+.infra/prod/.terraform*
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
+.pdm.toml
+.pdm-python
+.pdm-build/
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/

.infra/prod/backend.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  backend "s3" {
+    bucket         = "aws-tf-backend-state-bucket"
+    key            = "state/terraform-prod.tfstate"
+    region         = "eu-central-1"
+    encrypt        = true
+    dynamodb_table = "terraform-state"
+  }
+}
+
+provider "aws" {
+  region = "eu-central-1"
+}

.infra/prod/ec2.tf

@@ -0,0 +1,66 @@
+resource "aws_instance" "web" {
+  ami                    = var.ami_id
+  instance_type          = var.instance_type
+  vpc_security_group_ids = [aws_security_group.webserver_sg.id]
+  subnet_id              = var.subnet_id
+  user_data              = file("./userdata/user_data.sh")
+  iam_instance_profile   = aws_iam_instance_profile.ec2_s3_access_profile.name
+  key_name               = var.key_name
+
+  root_block_device {
+    volume_size = 8
+    volume_type = "gp3"
+  }
+
+  tags = {
+    Name      = "app-webserver"
+    Terraform = "true"
+  }
+}
+
+
+resource "aws_security_group" "webserver_sg" {
+  name        = "webserver-sg"
+  description = "Allow inbound traffic to webserver"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 8000
+    to_port     = 8000
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name      = "webserver-sg"
+    Terraform = "true"
+  }
+}