rails_template_18f 0.8.0 → 0.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +13 -0
  3. data/Gemfile.lock +92 -70
  4. data/README.md +60 -63
  5. data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt +1 -1
  6. data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +2 -2
  7. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt +2 -4
  8. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt +2 -4
  9. data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt +39 -54
  10. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh +1 -0
  11. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt +7 -10
  12. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf +3 -3
  13. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt +28 -1
  14. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +1 -1
  15. data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +30 -42
  16. data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt +8 -1
  17. data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +23 -33
  18. data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt +8 -1
  19. data/lib/generators/rails_template18f/terraform/terraform_generator.rb +0 -10
  20. data/lib/rails_template18f/version.rb +1 -1
  21. data/template.rb +18 -1
  22. data/templates/Brewfile +3 -0
  23. data/templates/README.md.tt +1 -0
  24. data/templates/bin/ops/create_service_account.sh.tt +78 -0
  25. data/templates/bin/ops/destroy_service_account.sh.tt +53 -0
  26. data/{lib/generators/rails_template18f/terraform/templates/terraform → templates/bin/ops}/set_space_egress.sh.tt +1 -1
  27. data/templates/config/environments/ci.rb +1 -1
  28. data/templates/config/environments/staging.rb +1 -1
  29. data/templates/doc/compliance/TODO.md +37 -0
  30. metadata +7 -21
  31. data/lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh +0 -33
  32. data/lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh +0 -19
  33. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt +0 -50
  34. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf +0 -16
  35. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf +0 -47
  36. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt +0 -23
  37. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf +0 -16
  38. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf +0 -42
  39. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt +0 -46
  40. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf +0 -16
  41. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf +0 -47
  42. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt +0 -23
  43. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf +0 -16
  44. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf +0 -42
  45. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/main.tf +0 -27
  46. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf +0 -16
  47. data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/variables.tf +0 -43
@@ -4,26 +4,39 @@ This directory holds the terraform modules for maintaining your complete persist
4
4
 
5
5
  Prerequisite: install the `jq` JSON processor: `brew bundle` or `brew install jq`
6
6
 
7
- ## Initial setup
7
+ ## Initial project setup
8
8
 
9
- 1. Manually run the bootstrap module following instructions under `Terraform State Credentials`
9
+ These steps only need to be run once per project.
10
+
11
+ 1. Manually [bootstrap the state storage bucket](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time) within the `bootstrap` directory
10
12
  1. Setup CI/CD Pipeline to run Terraform
11
- 1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README
12
- 1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers`
13
- 1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README
13
+ 1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README
14
+ 1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers`
15
+ 1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README
14
16
  1. Manually Running Terraform
15
- 1. Follow instructions under `Set up a new environment` to create your infrastructure
17
+ 1. Follow instructions under `Set up a new environment` to create your infrastructure
18
+
19
+ ## Initial developer setup
20
+
21
+ These steps should be run for any developer that needs to start running terraform or who just moved to a new machine.
22
+
23
+ They are not necessary for the developer who runs the [initial project setup](#initial-project-setup)
24
+
25
+ 1. Import the existing bootstrap resources to your local state with `./import.sh`
26
+ 1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
27
+
16
28
 
17
29
  ## Terraform State Credentials
18
30
 
19
- The bootstrap module is used to create an s3 bucket for later terraform runs to store their state in.
31
+ The `bootstrap` module is used to create an s3 bucket for later terraform runs to store their state in.
20
32
 
21
33
  ### Bootstrapping the state storage s3 buckets for the first time
22
34
 
23
- 1. Run `terraform init`
24
- 1. Run `./run.sh plan` to verify that the changes are what you expect
35
+ These steps are run once per project.
36
+
37
+ 1. Run `./run.sh init`
25
38
  1. Run `./run.sh apply` to set up the bucket and retrieve credentials
26
- 1. Follow instructions under `Use bootstrap credentials`
39
+ 1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
27
40
  1. Ensure that `import.sh` includes a line and correct IDs for any resources created
28
41
  1. Run `./teardown_creds.sh` to remove the space deployer account used to create the s3 bucket
29
42
 
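Review bot: Step 1 of the new "Initial developer setup" list says to run `./import.sh` without saying where, while the project setup list names the `bootstrap` directory explicitly; add "from the `bootstrap` directory" to the import step as well. The first-time bootstrap list also now goes from `./run.sh init` straight to `./run.sh apply`, dropping the `./run.sh plan` review step the old text had. If that is intended, say so; otherwise keep a plan step before apply.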
@@ -31,43 +44,35 @@ The bootstrap module is used to create an s3 bucket for later terraform runs to
31
44
 
32
45
  *This should not be necessary in most cases*
33
46
 
34
- 1. Run `terraform init`
35
- 1. If you don't have terraform state locally:
36
- 1. run `./import.sh`
37
- 1. optionally run `./run.sh apply` to include the existing outputs in the state file
38
47
  1. Make your changes
39
- 1. Continue from step 2 of the boostrapping instructions
40
-
41
- ### Retrieving existing bucket credentials
48
+ 1. Run `./run.sh plan` to verify the changes are what you expect
49
+ 1. Continue from step 2 of the [boostrapping instructions](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time)
42
50
 
43
- 1. Run `./run.sh show`
44
- 1. Follow instructions under `Use bootstrap credentials`
45
-
46
- #### Use bootstrap credentials
51
+ ### Use bootstrap credentials
47
52
 
48
53
  1. Add the following to `~/.aws/credentials`
49
54
  ```
50
55
  [<%= app_name %>-terraform-backend]
51
- aws_access_key_id = <access_key_id from bucket_credentials>
52
- aws_secret_access_key = <secret_access_key from bucket_credentials>
56
+ aws_access_key_id = <AWS_ACCESS_KEY_ID from run.sh output>
57
+ aws_secret_access_key = <AWS_SECRET_ACCESS_KEY from run.sh output>
53
58
  ```
54
59
 
55
- 1. Copy `bucket` from `bucket_credentials` output to the backend block of `staging/providers.tf` and `production/providers.tf`
60
+ 1. Copy `BUCKET` from `run.sh` output to the backend block of `staging/providers.tf` and `production/providers.tf`
56
61
 
57
62
  ## SpaceDeployers
58
63
 
59
64
  A [SpaceDeployer](https://cloud.gov/docs/services/cloud-gov-service-account/) account is required to run terraform or
60
65
  deploy the application from the CI/CD pipeline. Create a new account by running:
61
66
 
62
- `./create_space_deployer.sh <SPACE_NAME> <ACCOUNT_NAME>`
67
+ `../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>`
63
68
 
64
69
  ## Set up a new environment manually
65
70
 
66
- The below steps rely on you first configuring access to the Terraform state in s3 as described in [Terraform State Credentials](#terraform-state-credentials).
71
+ The below steps rely on you first configuring access to the Terraform state in s3 as described in [initial project setup](#initial-project-setup) or [initial developer setup](#initial-developer-setup).
67
72
 
68
73
  1. `cd` to the environment you are working in
69
74
 
70
- 1. Set up a SpaceDeployer
75
+ 1. Set up a SpaceDeployer and save the credentials in a file named `secrets.auto.tfvars`
71
76
  ```bash
72
77
  # create a space deployer service instance that can log in with just a username and password
73
78
  # the value of < SPACE_NAME > should be `staging` or `prod` depending on where you are working
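Review bot: The added "Continue from step 2 of the [boostrapping instructions]" line carries the "boostrapping" typo into the new link text, and "step 2" now points at `./run.sh apply` only because `./run.sh init` became step 1 in the previous hunk. Spell it "bootstrapping" and refer to the step by name (for example "continue from the `./run.sh apply` step") so the reference survives the next renumbering. The credentials snippet now says "from run.sh output", so it is also worth stating here that `run.sh` prints the secret key to the terminal and that the output should not be pasted into tickets or chat.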
@@ -75,12 +80,12 @@ The below steps rely on you first configuring access to the Terraform state in s
75
80
  # something that communicates the purpose of the deployer
76
81
  # for example: circleci-deployer for the credentials CircleCI uses to
77
82
  # deploy the application or <your_name>-terraform for credentials to run terraform manually
78
- ../create_space_deployer.sh <SPACE_NAME> <ACCOUNT_NAME> > secrets.auto.tfvars
83
+ ../../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME> > secrets.auto.tfvars
79
84
  ```
80
85
 
81
86
  The script will output the `username` (as `cf_user`) and `password` (as `cf_password`) for your `<ACCOUNT_NAME>`. Read more in the [cloud.gov service account documentation](https://cloud.gov/docs/services/cloud-gov-service-account/).
82
87
 
83
- The easiest way to use this script is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
88
+ The easiest way to use this script locally is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
84
89
 
85
90
  1. Run terraform from your new environment directory with
86
91
  ```bash
@@ -90,15 +95,15 @@ The below steps rely on you first configuring access to the Terraform state in s
90
95
 
91
96
  1. Apply changes with `terraform apply`.
92
97
 
93
- 1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform once.
98
+ 1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform plan before letting CI/CD apply the changes.
94
99
  ```bash
95
100
  # <SPACE_NAME> and <ACCOUNT_NAME> have the same values as used above.
96
- ../destroy_space_deployer.sh <SPACE_NAME> <ACCOUNT_NAME>
101
+ ../../bin/ops/destroy_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>
97
102
  ```
98
103
 
99
104
  ## Structure
100
105
 
101
- Each environment has its own module, which relies on a shared module for everything except the providers code and environment specific variables and settings.
106
+ Each environment has its own module.
102
107
 
103
108
  ```
104
109
  - bootstrap/
@@ -111,38 +116,18 @@ Each environment has its own module, which relies on a shared module for everyth
111
116
  - <env>/
112
117
  |- main.tf
113
118
  |- providers.tf
114
- |- secrets.auto.tfvars
115
119
  |- variables.tf
116
- - shared/
117
- |- s3/
118
- |- main.tf
119
- |- providers.tf
120
- |- variables.tf
121
- |- database/
122
- |- main.tf
123
- |- providers.tf
124
- |- variables.tf
125
- |- domain/
126
- |- main.tf
127
- |- providers.tf
128
- |- variables.tf
129
120
  ```
130
121
 
131
- In the shared modules:
132
- - `providers.tf` contains set up instructions for Terraform about Cloud Foundry and AWS
133
- - `main.tf` sets up the data and resources the application relies on
134
- - `variables.tf` lists the required variables and applicable default values
135
-
136
122
  In the environment-specific modules:
137
123
  - `providers.tf` lists the required providers
138
124
  - `main.tf` calls the shared Terraform code, but this is also a place where you can add any other services, resources, etc, which you would like to set up for that environment
139
125
  - `variables.tf` lists the variables that will be needed, either to pass through to the child module or for use in this module
140
- - `secrets.auto.tfvars` is a file which contains the information about the service-key and other secrets that should not be shared
141
126
 
142
127
  In the bootstrap module:
143
128
  - `providers.tf` lists the required providers
144
129
  - `main.tf` sets up s3 bucket to be shared across all environments. It lives in `prod` to communicate that it should not be deleted
145
130
  - `variables.tf` lists the variables that will be needed. Most values are hard-coded in this module
146
- - `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`show`/`plan`/`apply`/`destroy`) is passed as an argument
131
+ - `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`init`/`show`/`plan`/`apply`/`destroy`) is passed as an argument
147
132
  - `teardown_creds.sh` Helper script to remove the space deployer setup as part of `run.sh`
148
- - `import.sh` Helper script to create a new local state file in case terraform changes are needed
133
+ - `import.sh` Helper script to create a new local state file when new developers need to access the state file
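Review bot: The `secrets.auto.tfvars` entries are removed from both the `<env>/` tree and the file descriptions, yet the README still tells the reader to redirect service account credentials into `secrets.auto.tfvars` in the environment directory. Keep one line saying the file holds secrets and must stay out of version control. The unchanged description "`main.tf` calls the shared Terraform code" is also stale now that the `shared/` entries are deleted from the tree; reword it to say the modules are pulled from the external `terraform-cloudgov` source.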
@@ -4,6 +4,7 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify
4
4
 
5
5
  if [[ $verify == "y" ]]; then
6
6
  echo "Importing bootstrap state"
7
+ ./run.sh init
7
8
  ./run.sh import module.s3.cloudfoundry_service_instance.bucket TKTK
8
9
  ./run.sh import cloudfoundry_service_key.bucket_creds TKTK
9
10
  ./run.sh plan
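Review bot: The added `./run.sh init` is not checked, so in the lines shown a failed init falls through to both `./run.sh import` calls and to `./run.sh plan`. Use `./run.sh init || exit 1`, or confirm the script sets `set -e` in the lines above this hunk. Since developers are now directed to this script as a routine step, a check that the `TKTK` resource IDs have been replaced before importing would also save a confusing failure.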
@@ -1,18 +1,14 @@
1
1
  locals {
2
- cf_api_url = "https://api.fr.cloud.gov"
3
2
  s3_service_name = "<%= app_name %>-terraform-state"
4
3
  }
5
4
 
6
5
  module "s3" {
7
- source = "../shared/s3"
6
+ source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
8
7
 
9
- cf_api_url = local.cf_api_url
10
- cf_user = var.cf_user
11
- cf_password = var.cf_password
12
- cf_org_name = "<%= cloud_gov_organization %>"
13
- cf_space_name = "<%= cloud_gov_production_space %>"
14
- s3_service_name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
15
- s3_plan_name = "basic-sandbox"<% end %>
8
+ cf_org_name = "<%= cloud_gov_organization %>"
9
+ cf_space_name = "<%= cloud_gov_production_space %>"
10
+ name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
11
+ s3_plan_name = "basic-sandbox"<% end %>
16
12
  }
17
13
 
18
14
  resource "cloudfoundry_service_key" "bucket_creds" {
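Review bot: `source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"` pins the module to a git tag, and a tag can be moved after release, whereas the `../shared/s3` copy it replaces shipped inside the gem. Consider setting `ref` to a full commit SHA with the tag recorded in a comment, and apply the same to the module sources in the staging and production templates. The `cf_user` and `cf_password` inputs are no longer passed to the module, so the commit message or CHANGELOG should state that the module now relies on the provider block for authentication.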
@@ -21,5 +17,6 @@ resource "cloudfoundry_service_key" "bucket_creds" {
21
17
  }
22
18
 
23
19
  output "bucket_credentials" {
24
- value = cloudfoundry_service_key.bucket_creds.credentials
20
+ value = cloudfoundry_service_key.bucket_creds.credentials
21
+ sensitive = true
25
22
  }
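Review bot: `sensitive = true` on `bucket_credentials` only redacts the value in terraform's CLI output; the credentials are still stored in plain text in the local `terraform.tfstate`, and the updated `run.sh` reads them from that file and echoes them. Add a sentence to the bootstrap README that the bootstrap state file contains the bucket keys and must not be committed or shared, so the flag is not read as full protection.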
@@ -3,14 +3,14 @@ terraform {
3
3
  required_providers {
4
4
  cloudfoundry = {
5
5
  source = "cloudfoundry-community/cloudfoundry"
6
- version = "0.15.0"
6
+ version = "0.53.1"
7
7
  }
8
8
  }
9
9
  }
10
10
 
11
11
  provider "cloudfoundry" {
12
- api_url = local.cf_api_url
12
+ api_url = "https://api.fr.cloud.gov"
13
13
  user = var.cf_user
14
14
  password = var.cf_password
15
15
  app_logs_max = 30
16
- }
16
+ }
@@ -1,12 +1,39 @@
1
1
  #!/usr/bin/env bash
2
2
 
3
+ if ! command -v jq &> /dev/null
4
+ then
5
+ echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile"
6
+ exit 1
7
+ fi
8
+ if ! command -v terraform &> /dev/null
9
+ then
10
+ echo "terraform must be installed before running this script"
11
+ exit 1
12
+ fi
13
+
14
+ dig_output () {
15
+ dig_result=`cat terraform.tfstate | jq -r ".outputs.bucket_credentials.value.$1"`
16
+ }
17
+
3
18
  if [[ ! -f "secrets.auto.tfvars" ]]; then
4
- ../create_space_deployer.sh <%= cloud_gov_production_space %> config-bootstrap-deployer > secrets.auto.tfvars
19
+ ../../bin/ops/create_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer > secrets.auto.tfvars
5
20
  fi
6
21
 
7
22
  if [[ $# -gt 0 ]]; then
8
23
  echo "Running terraform $@"
9
24
  terraform $@
25
+ if [[ -f terraform.tfstate ]]; then
26
+ echo
27
+ echo "Credentials for terraform state bucket:"
28
+ dig_output "bucket"
29
+ echo "BUCKET=$dig_result"
30
+ dig_output "access_key_id"
31
+ echo "AWS_ACCESS_KEY_ID=$dig_result"
32
+ dig_output "secret_access_key"
33
+ echo "AWS_SECRET_ACCESS_KEY=$dig_result"
34
+ dig_output "region"
35
+ echo "AWS_REGION=$dig_result"
36
+ fi
10
37
  else
11
38
  echo "Not running terraform"
12
39
  fi
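Review bot: The block added after `terraform $@` echoes `AWS_SECRET_ACCESS_KEY` to stdout on every invocation where `terraform.tfstate` exists, including `init` and `plan`, and whether or not terraform succeeded. Print the credentials only after a successful `apply` or `show` (check the exit status and the action in `$1`), so the secret does not end up in scrollback or captured logs on routine runs. Separately, `create_service_account.sh ... > secrets.auto.tfvars` creates the file even when the script fails, after which the `-f` test skips creation on the next run; write to a temporary file and move it into place on success. `terraform $@` should be quoted as `terraform "$@"`, and `dig_output` can call `jq -r ... terraform.tfstate` directly and print its result instead of setting the global `dig_result`.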
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env bash
2
2
 
3
- ../destroy_space_deployer.sh <%= cloud_gov_production_space %> config-bootstrap-deployer
3
+ ../../bin/ops/destroy_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer
4
4
 
5
5
  rm secrets.auto.tfvars
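Review bot: `rm secrets.auto.tfvars` runs even when `destroy_service_account.sh` fails, so a failed teardown looks like a clean one and leaves a live `config-bootstrap-deployer` account behind with no local trace. Chain the two commands, `destroy_service_account.sh ... && rm secrets.auto.tfvars`, or exit non-zero with a message when the destroy step fails.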
@@ -2,44 +2,35 @@ locals {
2
2
  cf_org_name = "<%= cloud_gov_organization %>"
3
3
  cf_space_name = "<%= cloud_gov_production_space %>"
4
4
  env = "production"
5
- recursive_delete = false
5
+ app_name = "<%= app_name %>"
6
6
  }
7
7
 
8
8
  module "database" {
9
- source = "../shared/database"
9
+ source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
10
10
 
11
- cf_user = var.cf_user
12
- cf_password = var.cf_password
13
- cf_org_name = local.cf_org_name
14
- cf_space_name = local.cf_space_name
15
- env = local.env
16
- recursive_delete = local.recursive_delete
17
- rds_plan_name = "TKTK-production-rds-plan"
11
+ cf_org_name = local.cf_org_name
12
+ cf_space_name = local.cf_space_name
13
+ name = "${local.app_name}-rds-${local.env}"
14
+ rds_plan_name = "TKTK-production-rds-plan"
18
15
  }
19
16
  <% if has_active_job? %>
20
17
  module "redis" {
21
- source = "../shared/redis"
18
+ source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
22
19
 
23
- cf_user = var.cf_user
24
- cf_password = var.cf_password
25
- cf_org_name = local.cf_org_name
26
- cf_space_name = local.cf_space_name
27
- env = local.env
28
- recursive_delete = local.recursive_delete
29
- redis_plan_name = "TKTK-production-redis-plan"
20
+ cf_org_name = local.cf_org_name
21
+ cf_space_name = local.cf_space_name
22
+ name = "${local.app_name}-redis-${local.env}"
23
+ redis_plan_name = "TKTK-production-redis-plan"
30
24
  }
31
25
  <% end %>
32
26
  <% if has_active_storage? %>
33
27
  module "s3" {
34
- source = "../shared/s3"
28
+ source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
35
29
 
36
- cf_user = var.cf_user
37
- cf_password = var.cf_password
38
- cf_org_name = local.cf_org_name
39
- cf_space_name = local.cf_space_name
40
- recursive_delete = local.recursive_delete
41
- s3_service_name = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
42
- s3_plan_name = "basic-sandbox"<% end %>
30
+ cf_org_name = local.cf_org_name
31
+ cf_space_name = local.cf_space_name
32
+ name = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
33
+ s3_plan_name = "basic-sandbox"<% end %>
43
34
  }
44
35
 
45
36
  ###########################################################################
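Review bot: The `recursive_delete = false` local is removed and no longer passed to the `database`, `redis` and `s3` modules, so deletion behaviour for production services now depends on whatever the external module defaults to at `v1.0.0`. Confirm the upstream default still protects production data, and if the module exposes an equivalent input, set it explicitly here rather than relying on the default. The new `name` values change from `<%= app_name %>-s3-${local.env}` to `${local.app_name}-s3-${local.env}`, which is equivalent for s3, but the database and redis names were previously built inside the shared modules; note in the CHANGELOG whether existing service instances keep the same name or will be recreated.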
@@ -49,15 +40,14 @@ module "s3" {
49
40
  # 2) Your organization has sufficient memory. Each clamav app requires 3GB
50
41
  ###########################################################################
51
42
  # module "clamav" {
52
- # source = "../shared/clamav"
43
+ # source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
53
44
  #
54
- # cf_user = var.cf_user
55
- # cf_password = var.cf_password
56
- # cf_org_name = local.cf_org_name
57
- # cf_space_name = local.cf_space_name
58
- # env = local.env
59
- # clamav_image = "ajilaag/clamav-rest:20211229"
60
- # max_file_size = "30M"
45
+ # cf_org_name = local.cf_org_name
46
+ # cf_space_name = local.cf_space_name
47
+ # app_name_or_id = "${local.app_name}-${local.env}"
48
+ # name = "${local.app_name}-clamapi-${local.env}"
49
+ # clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
50
+ # max_file_size = "30M"
61
51
  # }
62
52
  <% end %>
63
53
 
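Review bot: The commented-out `clamav_image` now references `ghcr.io/gsa-tts/clamav-rest/clamav:20240602`, a tag rather than a digest. Teams will uncomment this block as written, so consider the `image@sha256:<digest>` form with the date tag kept in a comment, or document how the image is expected to be updated. The new `app_name_or_id = "${local.app_name}-${local.env}"` input assumes the deployed app follows that naming; say so in the comment block above the module.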
@@ -69,14 +59,12 @@ module "s3" {
69
59
  # `cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name`
70
60
  ###########################################################################
71
61
  # module "domain" {
72
- # source = "../shared/domain"
62
+ # source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v1.0.0"
73
63
  #
74
- # cf_user = var.cf_user
75
- # cf_password = var.cf_password
76
- # cf_org_name = local.cf_org_name
77
- # cf_space_name = local.cf_space_name
78
- # env = local.env
79
- # recursive_delete = local.recursive_delete
80
- # cdn_plan_name = "domain"
81
- # domain_name = "TKTK-production-domain-name"
64
+ # cf_org_name = local.cf_org_name
65
+ # cf_space_name = local.cf_space_name
66
+ # app_name_or_id = "${local.app_name}-${local.env}"
67
+ # cdn_plan_name = "domain"
68
+ # domain_name = "TKTK-production-domain-name"
69
+ # host_name = "TKTK-production-hostname (optional)"
82
70
  # }
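Review bot: `host_name = "TKTK-production-hostname (optional)"` puts the word "optional" inside the string value, so uncommenting the block without editing that line passes an invalid hostname to the module. Move the hint into a trailing comment, for example `# host_name = "TKTK-production-hostname" # optional`, or leave the line out and document the input in the header comment.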
@@ -3,7 +3,7 @@ terraform {
3
3
  required_providers {
4
4
  cloudfoundry = {
5
5
  source = "cloudfoundry-community/cloudfoundry"
6
- version = "0.15.0"
6
+ version = "0.53.1"
7
7
  }
8
8
  }
9
9
 
@@ -15,3 +15,10 @@ terraform {
15
15
  profile = "<%= app_name %>-terraform-backend"
16
16
  }
17
17
  }
18
+
19
+ provider "cloudfoundry" {
20
+ api_url = "https://api.fr.cloud.gov"
21
+ user = var.cf_user
22
+ password = var.cf_password
23
+ app_logs_max = 30
24
+ }
@@ -2,44 +2,35 @@ locals {
2
2
  cf_org_name = "<%= cloud_gov_organization %>"
3
3
  cf_space_name = "<%= cloud_gov_staging_space %>"
4
4
  env = "staging"
5
- recursive_delete = true
5
+ app_name = "<%= app_name %>"
6
6
  }
7
7
 
8
8
  module "database" {
9
- source = "../shared/database"
9
+ source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
10
10
 
11
- cf_user = var.cf_user
12
- cf_password = var.cf_password
13
- cf_org_name = local.cf_org_name
14
- cf_space_name = local.cf_space_name
15
- env = local.env
16
- recursive_delete = local.recursive_delete
17
- rds_plan_name = "micro-psql"
11
+ cf_org_name = local.cf_org_name
12
+ cf_space_name = local.cf_space_name
13
+ name = "${local.app_name}-rds-${local.env}"
14
+ rds_plan_name = "micro-psql"
18
15
  }
19
16
  <% if has_active_job? %>
20
17
  module "redis" {
21
- source = "../shared/redis"
18
+ source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
22
19
 
23
- cf_user = var.cf_user
24
- cf_password = var.cf_password
25
- cf_org_name = local.cf_org_name
26
- cf_space_name = local.cf_space_name
27
- env = local.env
28
- recursive_delete = local.recursive_delete
29
- redis_plan_name = "redis-dev"
20
+ cf_org_name = local.cf_org_name
21
+ cf_space_name = local.cf_space_name
22
+ name = "${local.app_name}-redis-${local.env}"
23
+ redis_plan_name = "redis-dev"
30
24
  }
31
25
  <% end %>
32
26
  <% if has_active_storage? %>
33
27
  module "s3" {
34
- source = "../shared/s3"
28
+ source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
35
29
 
36
- cf_user = var.cf_user
37
- cf_password = var.cf_password
38
- cf_org_name = local.cf_org_name
39
- cf_space_name = local.cf_space_name
40
- recursive_delete = local.recursive_delete
41
- s3_service_name = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
42
- s3_plan_name = "basic-sandbox"<% end %>
30
+ cf_org_name = local.cf_org_name
31
+ cf_space_name = local.cf_space_name
32
+ name = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
33
+ s3_plan_name = "basic-sandbox"<% end %>
43
34
  }
44
35
 
45
36
  ###########################################################################
@@ -49,14 +40,13 @@ module "s3" {
49
40
  # 2) Your organization has sufficient memory. Each clamav app requires 3GB
50
41
  ###########################################################################
51
42
  # module "clamav" {
52
- # source = "../shared/clamav"
43
+ # source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
53
44
  #
54
- # cf_user = var.cf_user
55
- # cf_password = var.cf_password
56
- # cf_org_name = local.cf_org_name
57
- # cf_space_name = local.cf_space_name
58
- # env = local.env
59
- # clamav_image = "ajilaag/clamav-rest:20211229"
60
- # max_file_size = "30M"
45
+ # cf_org_name = local.cf_org_name
46
+ # cf_space_name = local.cf_space_name
47
+ # app_name_or_id = "${local.app_name}-${local.env}"
48
+ # name = "${local.app_name}-clamapi-${local.env}"
49
+ # clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
50
+ # max_file_size = "30M"
61
51
  # }
62
52
  <% end %>
@@ -3,7 +3,7 @@ terraform {
3
3
  required_providers {
4
4
  cloudfoundry = {
5
5
  source = "cloudfoundry-community/cloudfoundry"
6
- version = "0.15.0"
6
+ version = "0.53.1"
7
7
  }
8
8
  }
9
9
 
@@ -15,3 +15,10 @@ terraform {
15
15
  profile = "<%= app_name %>-terraform-backend"
16
16
  }
17
17
  }
18
+
19
+ provider "cloudfoundry" {
20
+ api_url = "https://api.fr.cloud.gov"
21
+ user = var.cf_user
22
+ password = var.cf_password
23
+ app_logs_max = 30
24
+ }
@@ -15,20 +15,10 @@ module RailsTemplate18f
15
15
 
16
16
  def install
17
17
  directory "terraform", mode: :preserve
18
- chmod "terraform/set_space_egress.sh", 0o755
19
18
  chmod "terraform/bootstrap/run.sh", 0o755
20
19
  chmod "terraform/bootstrap/teardown_creds.sh", 0o755
21
20
  end
22
21
 
23
- def install_jq
24
- append_to_file "Brewfile", <<~EOB
25
-
26
- # used in terraform/create_space_deployer.sh
27
- brew "jq"
28
- EOB
29
- insert_into_file "README.md", indent("* [jq](https://stedolan.github.io/jq/)\n"), after: /\* Install homebrew dependencies: `brew bundle`\n/
30
- end
31
-
32
22
  def ignore_files
33
23
  unless skip_git?
34
24
  append_to_file ".gitignore", <<~EOM
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsTemplate18f
4
- VERSION = "0.8.0"
4
+ VERSION = "0.8.2"
5
5
  end
data/template.rb CHANGED
@@ -58,6 +58,15 @@ compliance_template_submodule = compliance_template && yes?("Clone #{compliance_
58
58
  if compliance_template_submodule
59
59
  compliance_template_repo = ask("What is the git clone address of your compliance-template fork?")
60
60
  end
61
+ if compliance_template_repo.blank?
62
+ register_announcement("OSCAL Documentation", <<~EOM)
63
+ Skipping OSCAL files as the compliance-template fork was left blank.
64
+
65
+ Re-run the oscal generator after creating your template fork to get started with OSCAL.
66
+ EOM
67
+ compliance_template = false
68
+ compliance_template_submodule = false
69
+ end
61
70
 
62
71
  terraform = yes?("Create terraform files for cloud.gov services? (y/n)")
63
72
  @cloud_gov_organization = ask("What is your cloud.gov organization name? (Leave blank to fill in later)")
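Review bot: The new `if compliance_template_repo.blank?` check sits after the `end` of `if compliance_template_submodule`, so it appears to run also when the user declined the submodule or the compliance template entirely. In that case `compliance_template_repo` was never asked for, `blank?` is true, and the "Skipping OSCAL files as the compliance-template fork was left blank" announcement is registered for a question the user never saw; it also forces `compliance_template = false` for users who wanted OSCAL files without a submodule. Guard it with `compliance_template_submodule && compliance_template_repo.blank?`, or move it inside the existing `if` block.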
@@ -141,6 +150,9 @@ end
141
150
 
142
151
  # setup pa11y and owasp scanning
143
152
  directory "bin", mode: :preserve
153
+ chmod "bin/ops/create_service_account.sh", 0o755
154
+ chmod "bin/ops/destroy_service_account.sh", 0o755
155
+ chmod "bin/ops/set_space_egress.sh", 0o755
144
156
  copy_file "pa11yci", ".pa11yci"
145
157
  copy_file "editorconfig", ".editorconfig"
146
158
  copy_file "zap.conf"
@@ -234,7 +246,7 @@ end
234
246
  # setup USWDS and asset pipeline
235
247
  copy_file "browserslistrc", ".browserslistrc" if webpack?
236
248
  after_bundle do
237
- run 'npm set-script build:css "postcss ./app/assets/stylesheets/application.postcss.scss -o ./app/assets/builds/application.css"'
249
+ run 'npm pkg set scripts.build:css="postcss ./app/assets/stylesheets/application.postcss.scss -o ./app/assets/builds/application.css"'
238
250
  # include verbose flag for dev postcss output
239
251
  gsub_file "Procfile.dev", "yarn build:css --watch", "yarn build:css --verbose --watch"
240
252
  # Replace postcss-nesting with sass since USWDS uses sass
@@ -430,6 +442,11 @@ if @circleci_pipeline
430
442
  ]
431
443
  generate "rails_template18f:circleci", *generator_arguments
432
444
  end
445
+ if cloud_gov_org_tktk?
446
+ register_announcement("CircleCI", <<~EOM)
447
+ * Fill in the cloud.gov organization information in .circleci/config.yml
448
+ EOM
449
+ end
433
450
  register_announcement("CircleCI", <<~EOM)
434
451
  * Create project environment variables for deploy users as defined in the Deployment section of the README
435
452
  EOM
data/templates/Brewfile CHANGED
@@ -7,6 +7,9 @@ brew "postgresql@12", link: true
7
7
  # used in bin/with-server script
8
8
  brew "dockerize"
9
9
 
10
+ # used in bin/ops/create_service_account.sh
11
+ brew "jq"
12
+
10
13
  # helper scripts for creating new ADRs
11
14
  brew "adr-tools"
12
15
 
@@ -15,6 +15,7 @@ guide for an introduction to the framework.
15
15
  * Install homebrew dependencies: `brew bundle`
16
16
  * [PostgreSQL](https://www.postgresql.org/)
17
17
  * [Dockerize](https://github.com/jwilder/dockerize)
18
+ * [jq](https://stedolan.github.io/jq/)
18
19
  * [ADR Tools](https://github.com/npryce/adr-tools)
19
20
  * [Chromedriver](https://sites.google.com/chromium.org/driver/)
20
21
  * Chromedriver must be allowed to run. You can either do that by: