Merge pull request #2 from cristian-rincon/feature/2-ci-cd

feat: Step 2 - CI/CD

.github/workflows/cd.yaml

@@ -0,0 +1,79 @@
+name: Continuous Deployment
+run-name: CD
+on:
+    workflow_run:
+        workflows: ["Continuous Integration"]
+        types:
+            - completed
+        branches:
+            - main
+            - develop
+env:
+    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} 
+    GCP_REGION: ${{ secrets.GCP_REGION }}
+    GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+    GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }}
+    GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json 
+jobs:
+    apply:
+        name: Apply Terraform
+        runs-on: ubuntu-latest
+        environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v2
+            - name: Setup Terraform
+              uses: hashicorp/setup-terraform@v1
+              with:
+                  terraform_version: 1.8.1
+            - name: Set up gcloud Cloud SDK environment
+              uses: google-github-actions/setup-gcloud@v2.1.1
+            - name: Authenticate to GCP
+              run: |
+                echo "${GCP_CREDENTIALS_JSON}" > ${{ github.workspace }}/credentials.json
+                gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json
+                gcloud config set project ${{ env.GCP_PROJECT_ID }}  # Reemplaza con tu ID de proyecto
+            - name: Terraform Init
+              run: terraform init
+              working-directory: ./infra
+            - name: Terraform Plan
+              id: plan
+              run: terraform plan -out=tfplan
+              env:
+                TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+                TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }}
+                TF_VAR_region: ${{ env.GCP_REGION }}
+                GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }}
+            - name: Terraform Apply
+              run: terraform apply -auto-approve tfplan
+              env:
+                TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+                TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }}
+                TF_VAR_region: ${{ env.GCP_REGION }}
+            - name: Set GitHub Environment
+              id: set_environment
+              uses: actions/github-script@v6
+              with:
+                  script: |
+                    const environment = '${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}';
+                    const context = require('@actions/github').context;
+                    const response = await github.request(`POST /repos/${context.repo.owner}/${context.repo.repo}/deployments`, {
+                        ref: context.ref,
+                        environment: environment,
+                        description: `Deploying to ${environment} environment`,
+                    });
+                    return response.data.id;
+        
+            - name: GitHub Deployment Status
+              uses: actions/github-script@v6
+              with:
+                script: |
+                    const deployment_id = '${{ steps.set_environment.outputs.result }}';
+                    await github.request(`POST /repos/${context.repo.owner}/${context.repo.repo}/deployments/${deployment_id}/statuses`, {
+                        state: 'success',
+                        description: 'Deployment completed successfully',
+                    });
+
+            - name: Terraform Output
+              run: terraform output

.github/workflows/ci.yaml

@@ -0,0 +1,67 @@
+name: Continuous Integration
+run-name: CI
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    branches:
+      - main
+      - develop
+env:
+    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} 
+    GCP_REGION: ${{ secrets.GCP_REGION }}
+    GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+    GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }}
+    GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json 
+jobs:
+    check-terraform-code:
+        name: Check Terraform Code
+        runs-on: ubuntu-latest
+        environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v2
+            - name: Setup Terraform
+              uses: hashicorp/setup-terraform@v1
+              with:
+                  terraform_version: 1.8.1
+            - name: Set up gcloud Cloud SDK environment
+              uses: google-github-actions/setup-gcloud@v2.1.1
+            - name: Authenticate to GCP
+              run: |
+                echo "${GCP_CREDENTIALS_JSON}" > ${{ github.workspace }}/credentials.json            
+                gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json
+                gcloud config set project ${{ env.GCP_PROJECT_ID }}  # Reemplaza con tu ID de proyecto
+            - name: Terraform Init
+              run: terraform init
+              working-directory: ./infra
+            - name: Terraform Format
+              run: terraform fmt -check
+              working-directory: ./infra
+            - name: Terraform Validate
+              run: terraform validate
+              working-directory: ./infra
+            - name: Terraform Plan
+              run: terraform plan
+              working-directory: ./infra
+              env:
+                TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+                TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }}
+                TF_VAR_region: ${{ env.GCP_REGION }}
+    # check-python-code:
+    #     name: Check Python Code
+    #     runs-on: ubuntu-latest
+    #     steps:
+    #         - name: Checkout code
+    #           uses: actions/checkout@v2
+    #         - name: Setup Python
+    #           uses: actions/setup-python@v2
+    #           with:
+    #               python-version: 3.9
+    #         - name: Install dependencies
+    #           run: pip install -r requirements.txt
+    #         - name: Run tests
+    #           run: pytest

README.md

@@ -2,9 +2,23 @@
 
 ## Setup
 
-Apis to be enabled:
+### Pre-requisites
 
-- Billing API
+- [Gcloud CLI](https://cloud.google.com/sdk/docs/install?hl=es-419)
+- [Terraform CLI](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
+- [Python 3.9+](https://www.python.org/downloads/)
+
+####  Optional
+
+- [Terraform Docs](https://terraform-docs.io/)
+- [NodeJS](https://nodejs.org/en/download/package-manager) (Pre-requisite for auto-changelog)
+- [Auto-Changelog](https://www.npmjs.com/package/auto-changelog)
+
+###  Apis to be enabled
+
+> In case that you want to test from local, You (or a service account) must have enough permissions to enable the following APIs:
+
+- Billing API (Just in case that you are about to [create a project from scratch](https://developers.google.com/workspace/guides/create-project#google-cloud-console))
 - Cloud Functions API
 - Pub/Sub API
 - Bigquery API
@@ -62,4 +76,30 @@ curl -m 310 -X POST https://<fn_ingest_data_url> \
 curl -m 310 -X POST https://<fn_fetch_data_url> \
 -H "Authorization: bearer $(gcloud auth print-identity-token)" -H "Content-Type: application/json" \
 -d '{}'
-```
+```
+
+## 3. CI/CD
+
+The CI/CD process is orchestrated by [GitHub Actions](https://docs.github.com/en/actions). You can find the current workflows at `.github/workflows/` folder.
+
+### 3.1 Create privileged service account for Terraform
+
+A new service account (and service account key) must be created to grant privileged access to terraform. To do that, see this [documentation](https://cloud.google.com/iam/docs/service-accounts-create)
+
+Required roles: Admin (See [how to manage access to service accounts](https://cloud.google.com/iam/docs/manage-access-service-accounts))
+
+### 3.1 GitHub Actions Pre-Requisites
+
+You need to create the following environments in your repository:
+
+- development
+- production
+
+Additionally, the following environment secrets must be created:
+
+GCP_PROJECT_ID: <the project id where you want to deploy the infrastructure>
+GCP_REGION: <the region where you want to deploy the infrastructure>
+GCP_CREDENTIALS_JSON: <the service account that you have created with enough permissions to create/manage the infrastructure resources>
+
+Next, you will need to create a bucket to store the terraform state securely. See the following [documentation](https://cloud.google.com/docs/terraform/resource-management/store-state) to
+store the state in a remote backend.

infra/provider.tf

@@ -5,6 +5,10 @@ terraform {
       version = "6.2.0"
     }
   }
+  backend "gcs" {
+    bucket = "350820-terraform-state"
+    prefix = "terraform/state"
+  }
 }
 
 provider "google" {