rails_template_18f 0.8.0 → 0.8.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile.lock +92 -70
- data/README.md +60 -63
- data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt +1 -1
- data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +2 -2
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt +2 -4
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt +2 -4
- data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt +39 -54
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh +1 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt +7 -10
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf +3 -3
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt +28 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +30 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt +8 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +23 -33
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt +8 -1
- data/lib/generators/rails_template18f/terraform/terraform_generator.rb +0 -10
- data/lib/rails_template18f/version.rb +1 -1
- data/template.rb +18 -1
- data/templates/Brewfile +3 -0
- data/templates/README.md.tt +1 -0
- data/templates/bin/ops/create_service_account.sh.tt +78 -0
- data/templates/bin/ops/destroy_service_account.sh.tt +53 -0
- data/{lib/generators/rails_template18f/terraform/templates/terraform → templates/bin/ops}/set_space_egress.sh.tt +1 -1
- data/templates/config/environments/ci.rb +1 -1
- data/templates/config/environments/staging.rb +1 -1
- data/templates/doc/compliance/TODO.md +37 -0
- metadata +7 -21
- data/lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh +0 -33
- data/lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh +0 -19
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt +0 -50
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf +0 -47
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt +0 -23
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf +0 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt +0 -46
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf +0 -47
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt +0 -23
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf +0 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/main.tf +0 -27
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/variables.tf +0 -43
@@ -4,26 +4,39 @@ This directory holds the terraform modules for maintaining your complete persist
|
|
4
4
|
|
5
5
|
Prerequisite: install the `jq` JSON processor: `brew bundle` or `brew install jq`
|
6
6
|
|
7
|
-
## Initial setup
|
7
|
+
## Initial project setup
|
8
8
|
|
9
|
-
|
9
|
+
These steps only need to be run once per project.
|
10
|
+
|
11
|
+
1. Manually [bootstrap the state storage bucket](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time) within the `bootstrap` directory
|
10
12
|
1. Setup CI/CD Pipeline to run Terraform
|
11
|
-
|
12
|
-
|
13
|
-
|
13
|
+
1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README
|
14
|
+
1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers`
|
15
|
+
1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README
|
14
16
|
1. Manually Running Terraform
|
15
|
-
|
17
|
+
1. Follow instructions under `Set up a new environment` to create your infrastructure
|
18
|
+
|
19
|
+
## Initial developer setup
|
20
|
+
|
21
|
+
These steps should be run for any developer that needs to start running terraform or who just moved to a new machine.
|
22
|
+
|
23
|
+
They are not necessary for the developer who runs the [initial project setup](#initial-project-setup)
|
24
|
+
|
25
|
+
1. Import the existing bootstrap resources to your local state with `./import.sh`
|
26
|
+
1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
|
27
|
+
|
16
28
|
|
17
29
|
## Terraform State Credentials
|
18
30
|
|
19
|
-
The bootstrap module is used to create an s3 bucket for later terraform runs to store their state in.
|
31
|
+
The `bootstrap` module is used to create an s3 bucket for later terraform runs to store their state in.
|
20
32
|
|
21
33
|
### Bootstrapping the state storage s3 buckets for the first time
|
22
34
|
|
23
|
-
|
24
|
-
|
35
|
+
These steps are run once per project.
|
36
|
+
|
37
|
+
1. Run `./run.sh init`
|
25
38
|
1. Run `./run.sh apply` to set up the bucket and retrieve credentials
|
26
|
-
1. Follow instructions under
|
39
|
+
1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
|
27
40
|
1. Ensure that `import.sh` includes a line and correct IDs for any resources created
|
28
41
|
1. Run `./teardown_creds.sh` to remove the space deployer account used to create the s3 bucket
|
29
42
|
|
@@ -31,43 +44,35 @@ The bootstrap module is used to create an s3 bucket for later terraform runs to
|
|
31
44
|
|
32
45
|
*This should not be necessary in most cases*
|
33
46
|
|
34
|
-
1. Run `terraform init`
|
35
|
-
1. If you don't have terraform state locally:
|
36
|
-
1. run `./import.sh`
|
37
|
-
1. optionally run `./run.sh apply` to include the existing outputs in the state file
|
38
47
|
1. Make your changes
|
39
|
-
1.
|
40
|
-
|
41
|
-
### Retrieving existing bucket credentials
|
48
|
+
1. Run `./run.sh plan` to verify the changes are what you expect
|
49
|
+
1. Continue from step 2 of the [boostrapping instructions](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time)
|
42
50
|
|
43
|
-
|
44
|
-
1. Follow instructions under `Use bootstrap credentials`
|
45
|
-
|
46
|
-
#### Use bootstrap credentials
|
51
|
+
### Use bootstrap credentials
|
47
52
|
|
48
53
|
1. Add the following to `~/.aws/credentials`
|
49
54
|
```
|
50
55
|
[<%= app_name %>-terraform-backend]
|
51
|
-
aws_access_key_id = <
|
52
|
-
aws_secret_access_key = <
|
56
|
+
aws_access_key_id = <AWS_ACCESS_KEY_ID from run.sh output>
|
57
|
+
aws_secret_access_key = <AWS_SECRET_ACCESS_KEY from run.sh output>
|
53
58
|
```
|
54
59
|
|
55
|
-
1. Copy `
|
60
|
+
1. Copy `BUCKET` from `run.sh` output to the backend block of `staging/providers.tf` and `production/providers.tf`
|
56
61
|
|
57
62
|
## SpaceDeployers
|
58
63
|
|
59
64
|
A [SpaceDeployer](https://cloud.gov/docs/services/cloud-gov-service-account/) account is required to run terraform or
|
60
65
|
deploy the application from the CI/CD pipeline. Create a new account by running:
|
61
66
|
|
62
|
-
|
67
|
+
`../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>`
|
63
68
|
|
64
69
|
## Set up a new environment manually
|
65
70
|
|
66
|
-
The below steps rely on you first configuring access to the Terraform state in s3 as described in [
|
71
|
+
The below steps rely on you first configuring access to the Terraform state in s3 as described in [initial project setup](#initial-project-setup) or [initial developer setup](#initial-developer-setup).
|
67
72
|
|
68
73
|
1. `cd` to the environment you are working in
|
69
74
|
|
70
|
-
1. Set up a SpaceDeployer
|
75
|
+
1. Set up a SpaceDeployer and save the credentials in a file named `secrets.auto.tfvars`
|
71
76
|
```bash
|
72
77
|
# create a space deployer service instance that can log in with just a username and password
|
73
78
|
# the value of < SPACE_NAME > should be `staging` or `prod` depending on where you are working
|
@@ -75,12 +80,12 @@ The below steps rely on you first configuring access to the Terraform state in s
|
|
75
80
|
# something that communicates the purpose of the deployer
|
76
81
|
# for example: circleci-deployer for the credentials CircleCI uses to
|
77
82
|
# deploy the application or <your_name>-terraform for credentials to run terraform manually
|
78
|
-
|
83
|
+
../../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME> > secrets.auto.tfvars
|
79
84
|
```
|
80
85
|
|
81
86
|
The script will output the `username` (as `cf_user`) and `password` (as `cf_password`) for your `<ACCOUNT_NAME>`. Read more in the [cloud.gov service account documentation](https://cloud.gov/docs/services/cloud-gov-service-account/).
|
82
87
|
|
83
|
-
The easiest way to use this script is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
|
88
|
+
The easiest way to use this script locally is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
|
84
89
|
|
85
90
|
1. Run terraform from your new environment directory with
|
86
91
|
```bash
|
@@ -90,15 +95,15 @@ The below steps rely on you first configuring access to the Terraform state in s
|
|
90
95
|
|
91
96
|
1. Apply changes with `terraform apply`.
|
92
97
|
|
93
|
-
1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform
|
98
|
+
1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform plan before letting CI/CD apply the changes.
|
94
99
|
```bash
|
95
100
|
# <SPACE_NAME> and <ACCOUNT_NAME> have the same values as used above.
|
96
|
-
|
101
|
+
../../bin/ops/destroy_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>
|
97
102
|
```
|
98
103
|
|
99
104
|
## Structure
|
100
105
|
|
101
|
-
Each environment has its own module
|
106
|
+
Each environment has its own module.
|
102
107
|
|
103
108
|
```
|
104
109
|
- bootstrap/
|
@@ -111,38 +116,18 @@ Each environment has its own module, which relies on a shared module for everyth
|
|
111
116
|
- <env>/
|
112
117
|
|- main.tf
|
113
118
|
|- providers.tf
|
114
|
-
|- secrets.auto.tfvars
|
115
119
|
|- variables.tf
|
116
|
-
- shared/
|
117
|
-
|- s3/
|
118
|
-
|- main.tf
|
119
|
-
|- providers.tf
|
120
|
-
|- variables.tf
|
121
|
-
|- database/
|
122
|
-
|- main.tf
|
123
|
-
|- providers.tf
|
124
|
-
|- variables.tf
|
125
|
-
|- domain/
|
126
|
-
|- main.tf
|
127
|
-
|- providers.tf
|
128
|
-
|- variables.tf
|
129
120
|
```
|
130
121
|
|
131
|
-
In the shared modules:
|
132
|
-
- `providers.tf` contains set up instructions for Terraform about Cloud Foundry and AWS
|
133
|
-
- `main.tf` sets up the data and resources the application relies on
|
134
|
-
- `variables.tf` lists the required variables and applicable default values
|
135
|
-
|
136
122
|
In the environment-specific modules:
|
137
123
|
- `providers.tf` lists the required providers
|
138
124
|
- `main.tf` calls the shared Terraform code, but this is also a place where you can add any other services, resources, etc, which you would like to set up for that environment
|
139
125
|
- `variables.tf` lists the variables that will be needed, either to pass through to the child module or for use in this module
|
140
|
-
- `secrets.auto.tfvars` is a file which contains the information about the service-key and other secrets that should not be shared
|
141
126
|
|
142
127
|
In the bootstrap module:
|
143
128
|
- `providers.tf` lists the required providers
|
144
129
|
- `main.tf` sets up s3 bucket to be shared across all environments. It lives in `prod` to communicate that it should not be deleted
|
145
130
|
- `variables.tf` lists the variables that will be needed. Most values are hard-coded in this module
|
146
|
-
- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`show`/`plan`/`apply`/`destroy`) is passed as an argument
|
131
|
+
- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`init`/`show`/`plan`/`apply`/`destroy`) is passed as an argument
|
147
132
|
- `teardown_creds.sh` Helper script to remove the space deployer setup as part of `run.sh`
|
148
|
-
- `import.sh` Helper script to create a new local state file
|
133
|
+
- `import.sh` Helper script to create a new local state file when new developers need to access the state file
|
@@ -4,6 +4,7 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify
|
|
4
4
|
|
5
5
|
if [[ $verify == "y" ]]; then
|
6
6
|
echo "Importing bootstrap state"
|
7
|
+
./run.sh init
|
7
8
|
./run.sh import module.s3.cloudfoundry_service_instance.bucket TKTK
|
8
9
|
./run.sh import cloudfoundry_service_key.bucket_creds TKTK
|
9
10
|
./run.sh plan
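Review bot: `./run.sh init` on new line 7 runs without its exit status being checked, so when init fails the two `./run.sh import ... TKTK` calls and `./run.sh plan` on the following lines still execute against an uninitialised working directory; `./run.sh init || exit 1` (or a `set -e` at the top of the script, which is outside this hunk) stops the sequence at the first failure. The `if [[ $verify == "y" ]]` block that holds these lines begins before the hunk and closes after it, so I cannot tell from here whether a `set -e` already exists.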
|
@@ -1,18 +1,14 @@
|
|
1
1
|
locals {
|
2
|
-
cf_api_url = "https://api.fr.cloud.gov"
|
3
2
|
s3_service_name = "<%= app_name %>-terraform-state"
|
4
3
|
}
|
5
4
|
|
6
5
|
module "s3" {
|
7
|
-
source = "
|
6
|
+
source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
|
8
7
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
cf_space_name = "<%= cloud_gov_production_space %>"
|
14
|
-
s3_service_name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
|
15
|
-
s3_plan_name = "basic-sandbox"<% end %>
|
8
|
+
cf_org_name = "<%= cloud_gov_organization %>"
|
9
|
+
cf_space_name = "<%= cloud_gov_production_space %>"
|
10
|
+
name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
|
11
|
+
s3_plan_name = "basic-sandbox"<% end %>
|
16
12
|
}
|
17
13
|
|
18
14
|
resource "cloudfoundry_service_key" "bucket_creds" {
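Review bot: `source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"` on new line 6 pins the remote module to a git tag, and a tag can be moved or deleted upstream, so this reference does not fix the code Terraform will fetch; for a supply-chain pin, reference the commit the tag points at, `?ref=<COMMIT_SHA_OF_v1.0.0>`, and keep the tag name in a comment next to it. The same `?ref=v1.0.0` source is used by the `database`, `redis`, `s3`, `clamav` and `domain` module blocks in the production and staging `main.tf.tt` hunks later in this commit, so the change applies there too. The second hunk of this file marks `bucket_credentials` as `sensitive = true`, which only redacts CLI output; the value is still stored in plaintext in the state file that `run.sh` reads with `jq`, so a comment such as `# sensitive only hides the value in CLI output; terraform.tfstate still holds it in plaintext` next to the output would keep the next maintainer from treating the local state file as safe to share.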
|
@@ -21,5 +17,6 @@ resource "cloudfoundry_service_key" "bucket_creds" {
|
|
21
17
|
}
|
22
18
|
|
23
19
|
output "bucket_credentials" {
|
24
|
-
value
|
20
|
+
value = cloudfoundry_service_key.bucket_creds.credentials
|
21
|
+
sensitive = true
|
25
22
|
}
|
@@ -3,14 +3,14 @@ terraform {
|
|
3
3
|
required_providers {
|
4
4
|
cloudfoundry = {
|
5
5
|
source = "cloudfoundry-community/cloudfoundry"
|
6
|
-
version = "0.
|
6
|
+
version = "0.53.1"
|
7
7
|
}
|
8
8
|
}
|
9
9
|
}
|
10
10
|
|
11
11
|
provider "cloudfoundry" {
|
12
|
-
api_url =
|
12
|
+
api_url = "https://api.fr.cloud.gov"
|
13
13
|
user = var.cf_user
|
14
14
|
password = var.cf_password
|
15
15
|
app_logs_max = 30
|
16
|
-
}
|
16
|
+
}
|
@@ -1,12 +1,39 @@
|
|
1
1
|
#!/usr/bin/env bash
|
2
2
|
|
3
|
+
if ! command -v jq &> /dev/null
|
4
|
+
then
|
5
|
+
echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile"
|
6
|
+
exit 1
|
7
|
+
fi
|
8
|
+
if ! command -v terraform &> /dev/null
|
9
|
+
then
|
10
|
+
echo "terraform must be installed before running this script"
|
11
|
+
exit 1
|
12
|
+
fi
|
13
|
+
|
14
|
+
dig_output () {
|
15
|
+
dig_result=`cat terraform.tfstate | jq -r ".outputs.bucket_credentials.value.$1"`
|
16
|
+
}
|
17
|
+
|
3
18
|
if [[ ! -f "secrets.auto.tfvars" ]]; then
|
4
|
-
|
19
|
+
../../bin/ops/create_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer > secrets.auto.tfvars
|
5
20
|
fi
|
6
21
|
|
7
22
|
if [[ $# -gt 0 ]]; then
|
8
23
|
echo "Running terraform $@"
|
9
24
|
terraform $@
|
25
|
+
if [[ -f terraform.tfstate ]]; then
|
26
|
+
echo
|
27
|
+
echo "Credentials for terraform state bucket:"
|
28
|
+
dig_output "bucket"
|
29
|
+
echo "BUCKET=$dig_result"
|
30
|
+
dig_output "access_key_id"
|
31
|
+
echo "AWS_ACCESS_KEY_ID=$dig_result"
|
32
|
+
dig_output "secret_access_key"
|
33
|
+
echo "AWS_SECRET_ACCESS_KEY=$dig_result"
|
34
|
+
dig_output "region"
|
35
|
+
echo "AWS_REGION=$dig_result"
|
36
|
+
fi
|
10
37
|
else
|
11
38
|
echo "Not running terraform"
|
12
39
|
fi
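Review bot: On new line 19 the redirect `> secrets.auto.tfvars` creates the file before `create_service_account.sh` runs, so if that script fails for any reason an empty or partial `secrets.auto.tfvars` is left behind and the `[[ ! -f "secrets.auto.tfvars" ]]` guard on the previous line never tries again; `if ! ../../bin/ops/create_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer > secrets.auto.tfvars; then rm -f secrets.auto.tfvars; exit 1; fi` keeps one failed run from poisoning later ones. `dig_output` (new lines 14–16) pipes `cat` into `jq` inside backticks and splices `$1` into the filter text; `dig_result=$(jq -r --arg k "$1" '.outputs.bucket_credentials.value[$k]' terraform.tfstate)` drops the needless `cat` and passes the key as data rather than filter syntax. The `AWS_SECRET_ACCESS_KEY=` line (new line 33) prints the bucket secret to stdout, which matches the copy-and-paste flow the README hunk describes, but it also means the value ends up in terminal scrollback and in any CI log if the script is ever run in a pipeline, so a comment marking this as a local-only helper would be worth adding.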
|
@@ -2,44 +2,35 @@ locals {
|
|
2
2
|
cf_org_name = "<%= cloud_gov_organization %>"
|
3
3
|
cf_space_name = "<%= cloud_gov_production_space %>"
|
4
4
|
env = "production"
|
5
|
-
|
5
|
+
app_name = "<%= app_name %>"
|
6
6
|
}
|
7
7
|
|
8
8
|
module "database" {
|
9
|
-
source = "
|
9
|
+
source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
env = local.env
|
16
|
-
recursive_delete = local.recursive_delete
|
17
|
-
rds_plan_name = "TKTK-production-rds-plan"
|
11
|
+
cf_org_name = local.cf_org_name
|
12
|
+
cf_space_name = local.cf_space_name
|
13
|
+
name = "${local.app_name}-rds-${local.env}"
|
14
|
+
rds_plan_name = "TKTK-production-rds-plan"
|
18
15
|
}
|
19
16
|
<% if has_active_job? %>
|
20
17
|
module "redis" {
|
21
|
-
source = "
|
18
|
+
source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
|
22
19
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
env = local.env
|
28
|
-
recursive_delete = local.recursive_delete
|
29
|
-
redis_plan_name = "TKTK-production-redis-plan"
|
20
|
+
cf_org_name = local.cf_org_name
|
21
|
+
cf_space_name = local.cf_space_name
|
22
|
+
name = "${local.app_name}-redis-${local.env}"
|
23
|
+
redis_plan_name = "TKTK-production-redis-plan"
|
30
24
|
}
|
31
25
|
<% end %>
|
32
26
|
<% if has_active_storage? %>
|
33
27
|
module "s3" {
|
34
|
-
source = "
|
28
|
+
source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
|
35
29
|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
recursive_delete = local.recursive_delete
|
41
|
-
s3_service_name = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
|
42
|
-
s3_plan_name = "basic-sandbox"<% end %>
|
30
|
+
cf_org_name = local.cf_org_name
|
31
|
+
cf_space_name = local.cf_space_name
|
32
|
+
name = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
|
33
|
+
s3_plan_name = "basic-sandbox"<% end %>
|
43
34
|
}
|
44
35
|
|
45
36
|
###########################################################################
|
@@ -49,15 +40,14 @@ module "s3" {
|
|
49
40
|
# 2) Your organization has sufficient memory. Each clamav app requires 3GB
|
50
41
|
###########################################################################
|
51
42
|
# module "clamav" {
|
52
|
-
# source = "
|
43
|
+
# source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
|
53
44
|
#
|
54
|
-
#
|
55
|
-
#
|
56
|
-
#
|
57
|
-
#
|
58
|
-
#
|
59
|
-
#
|
60
|
-
# max_file_size = "30M"
|
45
|
+
# cf_org_name = local.cf_org_name
|
46
|
+
# cf_space_name = local.cf_space_name
|
47
|
+
# app_name_or_id = "${local.app_name}-${local.env}"
|
48
|
+
# name = "${local.app_name}-clamapi-${local.env}"
|
49
|
+
# clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
|
50
|
+
# max_file_size = "30M"
|
61
51
|
# }
|
62
52
|
<% end %>
|
63
53
|
|
@@ -69,14 +59,12 @@ module "s3" {
|
|
69
59
|
# `cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name`
|
70
60
|
###########################################################################
|
71
61
|
# module "domain" {
|
72
|
-
# source = "
|
62
|
+
# source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v1.0.0"
|
73
63
|
#
|
74
|
-
#
|
75
|
-
#
|
76
|
-
#
|
77
|
-
#
|
78
|
-
#
|
79
|
-
#
|
80
|
-
# cdn_plan_name = "domain"
|
81
|
-
# domain_name = "TKTK-production-domain-name"
|
64
|
+
# cf_org_name = local.cf_org_name
|
65
|
+
# cf_space_name = local.cf_space_name
|
66
|
+
# app_name_or_id = "${local.app_name}-${local.env}"
|
67
|
+
# cdn_plan_name = "domain"
|
68
|
+
# domain_name = "TKTK-production-domain-name"
|
69
|
+
# host_name = "TKTK-production-hostname (optional)"
|
82
70
|
# }
|
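--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry-community/cloudfoundry"
-version = "0.
+version = "0.53.1"
 }
 }
 
@@ -15,3 +15,10 @@ terraform {
 profile = "<%= app_name %>-terraform-backend"
 }
 }
+
+provider "cloudfoundry" {
+api_url = "https://api.fr.cloud.gov"
+user = var.cf_user
+password = var.cf_password
+app_logs_max = 30
+}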
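Review bot: The new `provider "cloudfoundry"` block (new lines 19–24) passes `var.cf_password` straight through, and nothing in this diff shows the variable declared with `sensitive = true`; `variables.tf` for this environment is not part of the page, so if it lacks that flag any other reference to the variable would print the password in plan output and CI logs. Declaring it as `variable "cf_password" { type = string; sensitive = true }` (split over lines in the file's style) makes Terraform redact it everywhere. The identical provider block is added in the staging `providers.tf.tt` hunk of this commit, where the same check applies; the bootstrap `providers.tf` already carries the block as context.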
|
@@ -2,44 +2,35 @@ locals {
|
|
2
2
|
cf_org_name = "<%= cloud_gov_organization %>"
|
3
3
|
cf_space_name = "<%= cloud_gov_staging_space %>"
|
4
4
|
env = "staging"
|
5
|
-
|
5
|
+
app_name = "<%= app_name %>"
|
6
6
|
}
|
7
7
|
|
8
8
|
module "database" {
|
9
|
-
source = "
|
9
|
+
source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
env = local.env
|
16
|
-
recursive_delete = local.recursive_delete
|
17
|
-
rds_plan_name = "micro-psql"
|
11
|
+
cf_org_name = local.cf_org_name
|
12
|
+
cf_space_name = local.cf_space_name
|
13
|
+
name = "${local.app_name}-rds-${local.env}"
|
14
|
+
rds_plan_name = "micro-psql"
|
18
15
|
}
|
19
16
|
<% if has_active_job? %>
|
20
17
|
module "redis" {
|
21
|
-
source = "
|
18
|
+
source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
|
22
19
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
env = local.env
|
28
|
-
recursive_delete = local.recursive_delete
|
29
|
-
redis_plan_name = "redis-dev"
|
20
|
+
cf_org_name = local.cf_org_name
|
21
|
+
cf_space_name = local.cf_space_name
|
22
|
+
name = "${local.app_name}-redis-${local.env}"
|
23
|
+
redis_plan_name = "redis-dev"
|
30
24
|
}
|
31
25
|
<% end %>
|
32
26
|
<% if has_active_storage? %>
|
33
27
|
module "s3" {
|
34
|
-
source = "
|
28
|
+
source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
|
35
29
|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
recursive_delete = local.recursive_delete
|
41
|
-
s3_service_name = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
|
42
|
-
s3_plan_name = "basic-sandbox"<% end %>
|
30
|
+
cf_org_name = local.cf_org_name
|
31
|
+
cf_space_name = local.cf_space_name
|
32
|
+
name = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
|
33
|
+
s3_plan_name = "basic-sandbox"<% end %>
|
43
34
|
}
|
44
35
|
|
45
36
|
###########################################################################
|
@@ -49,14 +40,13 @@ module "s3" {
|
|
49
40
|
# 2) Your organization has sufficient memory. Each clamav app requires 3GB
|
50
41
|
###########################################################################
|
51
42
|
# module "clamav" {
|
52
|
-
# source = "
|
43
|
+
# source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
|
53
44
|
#
|
54
|
-
#
|
55
|
-
#
|
56
|
-
#
|
57
|
-
#
|
58
|
-
#
|
59
|
-
#
|
60
|
-
# max_file_size = "30M"
|
45
|
+
# cf_org_name = local.cf_org_name
|
46
|
+
# cf_space_name = local.cf_space_name
|
47
|
+
# app_name_or_id = "${local.app_name}-${local.env}"
|
48
|
+
# name = "${local.app_name}-clamapi-${local.env}"
|
49
|
+
# clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
|
50
|
+
# max_file_size = "30M"
|
61
51
|
# }
|
62
52
|
<% end %>
|
@@ -3,7 +3,7 @@ terraform {
|
|
3
3
|
required_providers {
|
4
4
|
cloudfoundry = {
|
5
5
|
source = "cloudfoundry-community/cloudfoundry"
|
6
|
-
version = "0.
|
6
|
+
version = "0.53.1"
|
7
7
|
}
|
8
8
|
}
|
9
9
|
|
@@ -15,3 +15,10 @@ terraform {
|
|
15
15
|
profile = "<%= app_name %>-terraform-backend"
|
16
16
|
}
|
17
17
|
}
|
18
|
+
|
19
|
+
provider "cloudfoundry" {
|
20
|
+
api_url = "https://api.fr.cloud.gov"
|
21
|
+
user = var.cf_user
|
22
|
+
password = var.cf_password
|
23
|
+
app_logs_max = 30
|
24
|
+
}
|
@@ -15,20 +15,10 @@ module RailsTemplate18f
|
|
15
15
|
|
16
16
|
def install
|
17
17
|
directory "terraform", mode: :preserve
|
18
|
-
chmod "terraform/set_space_egress.sh", 0o755
|
19
18
|
chmod "terraform/bootstrap/run.sh", 0o755
|
20
19
|
chmod "terraform/bootstrap/teardown_creds.sh", 0o755
|
21
20
|
end
|
22
21
|
|
23
|
-
def install_jq
|
24
|
-
append_to_file "Brewfile", <<~EOB
|
25
|
-
|
26
|
-
# used in terraform/create_space_deployer.sh
|
27
|
-
brew "jq"
|
28
|
-
EOB
|
29
|
-
insert_into_file "README.md", indent("* [jq](https://stedolan.github.io/jq/)\n"), after: /\* Install homebrew dependencies: `brew bundle`\n/
|
30
|
-
end
|
31
|
-
|
32
22
|
def ignore_files
|
33
23
|
unless skip_git?
|
34
24
|
append_to_file ".gitignore", <<~EOM
|
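--- a/data/template.rb
+++ b/data/template.rb
@@ -58,6 +58,15 @@ compliance_template_submodule = compliance_template && yes?("Clone #{compliance_
 if compliance_template_submodule
 compliance_template_repo = ask("What is the git clone address of your compliance-template fork?")
 end
+if compliance_template_repo.blank?
+register_announcement("OSCAL Documentation", <<~EOM)
+Skipping OSCAL files as the compliance-template fork was left blank.
+
+Re-run the oscal generator after creating your template fork to get started with OSCAL.
+EOM
+compliance_template = false
+compliance_template_submodule = false
+end
 
 terraform = yes?("Create terraform files for cloud.gov services? (y/n)")
 @cloud_gov_organization = ask("What is your cloud.gov organization name? (Leave blank to fill in later)")
@@ -141,6 +150,9 @@ end
 
 # setup pa11y and owasp scanning
 directory "bin", mode: :preserve
+chmod "bin/ops/create_service_account.sh", 0o755
+chmod "bin/ops/destroy_service_account.sh", 0o755
+chmod "bin/ops/set_space_egress.sh", 0o755
 copy_file "pa11yci", ".pa11yci"
 copy_file "editorconfig", ".editorconfig"
 copy_file "zap.conf"
@@ -234,7 +246,7 @@ end
 # setup USWDS and asset pipeline
 copy_file "browserslistrc", ".browserslistrc" if webpack?
 after_bundle do
-run 'npm set
+run 'npm pkg set scripts.build:css="postcss ./app/assets/stylesheets/application.postcss.scss -o ./app/assets/builds/application.css"'
 # include verbose flag for dev postcss output
 gsub_file "Procfile.dev", "yarn build:css --watch", "yarn build:css --verbose --watch"
 # Replace postcss-nesting with sass since USWDS uses sass
@@ -430,6 +442,11 @@ if @circleci_pipeline
 ]
 generate "rails_template18f:circleci", *generator_arguments
 end
+if cloud_gov_org_tktk?
+register_announcement("CircleCI", <<~EOM)
+* Fill in the cloud.gov organization information in .circleci/config.yml
+EOM
+end
 register_announcement("CircleCI", <<~EOM)
 * Create project environment variables for deploy users as defined in the Deployment section of the README
 EOM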
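Review bot: In the last hunk the new `if cloud_gov_org_tktk?` guard calls `register_announcement("CircleCI", …)` and the unchanged line directly below it calls `register_announcement("CircleCI", …)` again, so a project with a placeholder org gets two announcements under the same heading unless `register_announcement` (defined outside this page) merges same-titled entries. Building the text once reads cleaner: `circleci_notes = "* Create project environment variables for deploy users as defined in the Deployment section of the README\n"`, `circleci_notes.prepend("* Fill in the cloud.gov organization information in .circleci/config.yml\n") if cloud_gov_org_tktk?`, `register_announcement("CircleCI", circleci_notes)`. In the first hunk, `compliance_template_repo.blank?` is evaluated with `compliance_template_repo` never assigned when the submodule question was answered no, which only works because Ruby treats the parsed-but-unexecuted assignment as `nil` and ActiveSupport supplies `NilClass#blank?`; a short comment such as `# nil when the submodule prompt was skipped; blank? handles both nil and whitespace` would make that intent explicit.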
|
data/templates/Brewfile
CHANGED
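--- a/data/templates/README.md.tt
+++ b/data/templates/README.md.tt
@@ -15,6 +15,7 @@ guide for an introduction to the framework.
 * Install homebrew dependencies: `brew bundle`
 * [PostgreSQL](https://www.postgresql.org/)
 * [Dockerize](https://github.com/jwilder/dockerize)
+* [jq](https://stedolan.github.io/jq/)
 * [ADR Tools](https://github.com/npryce/adr-tools)
 * [Chromedriver](https://sites.google.com/chromium.org/driver/)
 * Chromedriver must be allowed to run. You can either do that by: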
|