refactor(iac)!: Restructure into environments and modules (#101)

Author: chris3ware

.github/workflows/delete-workflow-run.yaml

@@ -2,7 +2,7 @@ name: Delete old workflow runs
 on:
   schedule:
     - cron: 0 0 1 * *
-  workflow_call: {}
+  workflow_dispatch: {}
 
 # Disable permissions for all available scopes
 permissions: {}

.github/workflows/infracost.yaml

@@ -3,28 +3,31 @@ name: Infracost
 on:
   pull_request:
     branches: [main]
-    types: [opened, synchronize]
+    types: [opened, reopened, synchronize]
     paths:
-      - "**/*.tf"
-      - "**/*.tfvars"
+      - iac/**/*.tf
+      - iac/**/*.tfvars
+      - iac/**/*.tftpl
+      - iac/**/*.hcl
 
 permissions: {}
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.repository }}
   cancel-in-progress: true
 
+defaults:
+  run:
+    shell: bash
+    working-directory: iac
+
 jobs:
   infracost:
     name: Infracost Pull Request Checks
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./terraform
     permissions:
       contents: read
       pull-requests: write
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - name: Setup Infracost
@@ -37,6 +40,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.base.ref }}
+          persist-credentials: false
 
       # Generate Infracost JSON file as the baseline.
       - name: Generate Infracost cost estimate baseline

.github/workflows/terraform-docs.yaml

@@ -5,9 +5,10 @@ on:
     types: [closed]
     branches: [main]
     paths:
-      - terraform/**/*.tf
-      - terraform/**/*.tfvars
-      - terraform/**/*.tftpl
+      - iac/**/*.tf
+      - iac/**/*.tfvars
+      - iac/**/*.tftpl
+      - iac/**/*.hcl
 
 # Disable permissions for all available scopes
 permissions: {}

.trunk/configs/.tflint_ci.hcl

@@ -4,14 +4,11 @@ plugin "terraform" {
   preset = "all"
 }
 
-Enable the AWS plugin if required
 plugin "aws" {
   enabled = true
   version = "0.33.0"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 
   # Deep check can be enabled in CI/CD pipelines, where AWS credentials are set
-  # This configuration file should be references using the `--config` flag
-  # Example: https://github.com/3ware/aws-network-speciality/blob/79a2be0813e053f17ed4f802705f7b6f2c350f0d/.github/workflows/terraform-ci.yaml#L114
   deep_check = true
-}
+}

iac/environments/dev/.terraform.lock.hcl

@@ -0,0 +1,43 @@
+terraform {
+  required_version = ">= 1.9, < 2.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.90"
+    }
+  }
+
+  cloud {
+    organization = "3ware"
+    hostname     = "app.terraform.io"
+
+    workspaces {
+      project = var.aws_project
+      name    = "${var.aws_service}-${var.aws_region}-${var.aws_environment}"
+
+    }
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+
+  default_tags {
+    tags = {
+      "3ware:project-id"           = var.aws_project
+      "3ware:environment"          = var.aws_environment
+      "3ware:service"              = var.aws_service
+      "3ware:managed-by-terraform" = true
+      "3ware:workspace"            = terraform.workspace
+    }
+  }
+}
+
+module "gitops_2024" {
+  source = "../../modules/gitops-2024"
+
+  aws_environment = var.aws_environment
+  instance_type   = "t2.micro"
+  vpc_cidr_block  = "10.0.0.0/16"
+}

iac/environments/dev/main.tf

@@ -0,0 +1,4 @@
+output "grafana_ip" {
+  description = "The public IP address of the Grafana instance"
+  value       = module.gitops_2024.grafana_ip
+}

iac/environments/dev/outputs.tf

@@ -0,0 +1,4 @@
+aws_environment = "development"
+aws_project     = "gitops-2024"
+aws_region      = "eu-west-2"
+aws_service     = "gitops-infra"

iac/environments/dev/terraform.tfvars

@@ -0,0 +1,19 @@
+variable "aws_environment" {
+  description = "(Required) The AWS environment to deploy resources to"
+  type        = string
+}
+
+variable "aws_project" {
+  description = "(Required) The AWS project to deploy resources to"
+  type        = string
+}
+
+variable "aws_region" {
+  description = "(Required) The AWS region to deploy resources to"
+  type        = string
+}
+
+variable "aws_service" {
+  description = "(Required) The AWS service being deployed"
+  type        = string
+}