Revamp Repo Structure

.github/workflows/_terraformEnvironmentTemplate.yml

@@ -1,34 +1,42 @@
-name: Terraform Environment Template
+name: Terraform Template
 
 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
-        default: "dev"
         description: "Specifies the environment of the deployment."
+      config:
+        required: true
+        type: string
+        description: "Specifies the configuration folder for the deployment."
+      terraform_version:
+        required: true
+        type: string
+        description: "Specifies the terraform version."
+      node_version:
+        required: true
+        type: number
+        description: "Specifies the node version."
       working_directory:
         required: true
         type: string
         description: "Specifies the working directory."
-      subscription_id:
+      tenant_id:
         required: true
         type: string
-        description: "Specifies the Azure subscription id."
-      terraform_version:
+        description: "Specifies the tenant id of the deployment."
+      subscription_id:
         required: true
         type: string
-        description: "Specifies the terraform version."
+        description: "Specifies the subscription id of the deployment."
       export_terraform_outputs:
         required: false
         type: boolean
         default: false
         description: "Specifies whether terraform outputs should be exported."
     secrets:
-      TENANT_ID:
-        required: true
-        description: "Specifies the tenant id of the deployment."
       CLIENT_ID:
         required: true
         description: "Specifies the client id."
@@ -40,12 +48,16 @@ on:
         description: "A sample value."
         value: ${{ jobs.apply.outputs.test }}
 
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
 jobs:
   lint:
     name: Terraform Lint
-    runs-on: [ubuntu-latest]
+    runs-on: ubuntu-latest
     continue-on-error: false
-    needs: []
 
     steps:
       # Setup Terraform
@@ -68,6 +80,26 @@ jobs:
         run: |
           terraform fmt -check -recursive
 
+      # Add Pull Request Comment
+      - name: Add Pull Request Comment
+        uses: actions/github-script@v7
+        id: pr_comment
+        if: github.event_name == 'pull_request'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Lint Results
+            * Terraform Version 📎\`${{ inputs.terraform_version }}\`
+            * Working Directory 📂\`${{ inputs.working_directory }}\`
+            * Terraform Format and Style 🖌\`${{ steps.terraform_format.outcome }}\``;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+
   plan:
     name: Terraform Plan
     runs-on: [self-hosted]
@@ -76,7 +108,7 @@ jobs:
     needs: [lint]
 
     env:
-      ARM_TENANT_ID: ${{ secrets.TENANT_ID }}
+      ARM_TENANT_ID: ${{ inputs.tenant_id }}
       ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
       ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
       ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
@@ -88,7 +120,7 @@ jobs:
         id: node_setup
         uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: ${{ inputs.node_version }}
 
       # Setup Terraform
       - name: Setup Terraform
@@ -108,7 +140,9 @@ jobs:
         id: terraform_init
         working-directory: ${{ inputs.working_directory }}
         run: |
-          terraform init
+          terraform init -backend-config=../../config/${CONFIG}/azurerm.tfbackend
+        env:
+          CONFIG: ${{ inputs.config }}
 
       # Terraform Validate
       - name: Terraform Validate
@@ -122,20 +156,53 @@ jobs:
         id: terraform_plan
         working-directory: ${{ inputs.working_directory }}
         run: |
-          terraform plan -var-file vars.${{ inputs.environment }}.tfvars -input=false
+          terraform plan -var-file="../../config/${CONFIG}/vars.tfvars" -input=false
+        env:
+          CONFIG: ${{ inputs.config }}
+
+      # Add Pull Request Comment
+      - name: Add Pull Request Comment
+        id: pr_comment
+        uses: actions/github-script@v7
+        if: github.event_name == 'pull_request'
+        continue-on-error: true
+        env:
+          PLAN: "terraform\n${{ steps.terraform_plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Validation & Plan Results
+            * Terraform Version 📎\`${{ inputs.terraform_version }}\`
+            * Working Directory 📂\`${{ inputs.working_directory }}\`
+            * Terraform Initialization ⚙️\`${{ steps.terraform_init.outcome }}\`
+            * Terraform Validation 🤖\`${{ steps.terraform_validate.outcome }}\`
+            * Terraform Plan 📖\`${{ steps.terraform_plan.outcome }}\`
+
+            <details><summary>Show Plan</summary>
+
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+
+            </details>`;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
 
   apply:
     name: Terraform Apply
     runs-on: [self-hosted]
     continue-on-error: false
     environment: ${{ inputs.environment }}
-    # if: github.event_name == 'push' || github.event_name == 'release'
-    needs: [lint, plan]
-    outputs:
-      test: ${{ steps.terraform_outputs.outputs.test }}
+    if: github.event_name == 'push' || github.event_name == 'release'
+    needs: [plan]
 
     env:
-      ARM_TENANT_ID: ${{ secrets.TENANT_ID }}
+      ARM_TENANT_ID: ${{ inputs.tenant_id }}
       ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
       ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
       ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
@@ -147,7 +214,7 @@ jobs:
         id: node_setup
         uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: ${{ inputs.node_version }}
 
       # Setup Terraform
       - name: Setup Terraform
@@ -162,24 +229,21 @@ jobs:
         id: checkout_repository
         uses: actions/checkout@v4
 
-      # Login to Azure
-      - name: Azure Login
-        id: azure_login
-        uses: azure/login@v1
-        with:
-          creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"${{ inputs.subscription_id }}","tenantId":"${{ secrets.TENANT_ID }}"}'
-
       # Terraform Init
       - name: Terraform Init
         working-directory: ${{ inputs.working_directory }}
         run: |
-          terraform init
+          terraform init -backend-config=../../config/${CONFIG}/azurerm.tfbackend
+        env:
+          CONFIG: ${{ inputs.config }}
 
       # Terraform Apply
       - name: Terraform Apply
         working-directory: ${{ inputs.working_directory }}
         run: |
-          terraform apply -var-file vars.${{ inputs.environment }}.tfvars -auto-approve -input=false
+          terraform apply -var-file="../../config/${CONFIG}/vars.tfvars" -auto-approve -input=false
+        env:
+          CONFIG: ${{ inputs.config }}
 
       # Terraform Export Outputs
       - name: Terraform Export Outputs
@@ -189,9 +253,3 @@ jobs:
         run: |
           test=$(terraform output -raw test)
           echo "test=$test" >> "$GITHUB_OUTPUT"
-
-      # Log out from Azure
-      - name: Log out from Azure
-        id: azure_logout
-        run: |
-          az logout

.github/workflows/lint.yml

@@ -14,6 +14,21 @@ jobs:
     continue-on-error: false
 
     steps:
+      # Setup Python 3.11
+      - name: Setup Python 3.11
+        id: python_setup
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      # Setup Terraform
+      - name: Setup Terraform
+        id: terraform_setup
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.6"
+          terraform_wrapper: true
+
       # Checkout repository
       - name: Check Out Repository
         id: checkout_repository

.github/workflows/newMajorVersion.yml

@@ -1,36 +1,31 @@
 name: Release new major version
+
 on:
   release:
     types: [released]
   workflow_dispatch:
     inputs:
       tag_name:
-        description: "Tag name that the major tag will point to"
         required: true
+        type: string
+        description: 'Tag name that the major tag will point to'
 
+permissions:
+  contents: write
 env:
   TAG_NAME: ${{ github.event.inputs.tag_name || github.event.release.tag_name }}
 
 jobs:
   update_tag:
     name: Update the major tag to include the ${{ github.event.inputs.tag_name || github.event.release.tag_name }} changes
-    runs-on: [ubuntu-latest]
+    runs-on: ubuntu-latest
+    continue-on-error: false
 
     steps:
-      # Checkout repository
-      - name: Check Out Repository
-        id: checkout_repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ env.TAG_NAME }}
-          token: ${{ secrets.PAT }}
-
-      - name: Get major version num and update tag
+      # Update major tag
+      - name: Update the ${{ env.TAG_NAME }} tag
         id: update_tag
-        run: |
-          VERSION=${{ env.TAG_NAME }}
-          MAJOR=${VERSION%%.*}
-          git config --global user.name 'github-action'
-          git config --global user.email '[email protected]'
-          git tag -fa ${MAJOR} -m "Update major version tag"
-          git push origin ${MAJOR} --force
+        uses: actions/[email protected]
+        with:
+          source-tag: ${{ env.TAG_NAME }}
+          slack-webhook: ""

.github/workflows/deployment.yml → .github/workflows/terraform.yml

@@ -4,27 +4,31 @@ on:
     branches:
       - main
     paths:
-      - "code/terraform/**"
-      - ".github/workflows/deployment"
+      - "**.tf"
+      - "code/infra/**"
+      - ".github/workflows/terraform.yml"
 
   pull_request:
     branches:
       - main
     paths:
-      - "code/terraform/**"
-      - ".github/workflows/deployment"
+      - "**.tf"
+      - "code/infra/**"
+      - ".github/workflows/terraform.yml"
 
 jobs:
   terraform:
     uses: ./.github/workflows/_terraformEnvironmentTemplate.yml
     name: "Terraform Deployment"
     with:
       environment: "dev"
-      working_directory: "./code/terraform"
+      config: "PerfectThymeTech"
+      terraform_version: "1.6.6"
+      node_version: 18
+      working_directory: "./code/infra"
+      tenant_id: "3556be79-2979-4b19-a1af-4dd4e6d9ed7e"
       subscription_id: "8f171ff9-2b5b-4f0f-aed5-7fa360a1d094"
-      terraform_version: "1.5.6"
       export_terraform_outputs: false
     secrets:
-      TENANT_ID: ${{ secrets.TENANT_ID }}
       CLIENT_ID: ${{ secrets.CLIENT_ID }}
       CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}

.pre-commit-config.yaml

@@ -1,10 +1,6 @@
-exclude: |
-  (?x)^(
-    README.md
-  )$
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
@@ -13,6 +9,15 @@ repos:
       - id: check-yaml
       - id: pretty-format-json
         args: ["--indent", "2", "--autofix", "--no-sort-keys"]
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+        args: ["--profile", "black", "--filter-files"]
+  - repo: https://github.com/psf/black
+    rev: 23.12.1
+    hooks:
+      - id: black
   - repo: local
     hooks:
       - id: terraform-fmt

code/terraform/terraform.tf → code/infra/terraform.tf

@@ -14,10 +14,10 @@ terraform {
 
   backend "azurerm" {
     environment          = "public"
-    resource_group_name  = "mycrp-prd-cicd"
-    storage_account_name = "mycrpprdstg001"
-    container_name       = "data-product-analytics"
-    key                  = "terraform.tfstate"
+    resource_group_name  = "<provided-via-config>"
+    storage_account_name = "<provided-via-config>"
+    container_name       = "<provided-via-config>"
+    key                  = "<provided-via-config>"
     use_azuread_auth     = true
     # use_oidc             = true
   }

config/PerfectThymeTech/azurerm.tfbackend

@@ -0,0 +1,7 @@
+environment          = "public"
+subscription_id      = "8f171ff9-2b5b-4f0f-aed5-7fa360a1d094"
+resource_group_name  = "mycrp-prd-cicd"
+storage_account_name = "mycrpprdstg001"
+container_name       = "data-product-analytics"
+key                  = "terraform.tfstate"
+use_azuread_auth     = true