760 technical guidance migration

.github/workflows/delete_review_app_aks.yml

@@ -0,0 +1,41 @@
+name: Delete review app on AKS
+
+on:
+  pull_request:
+    branches:
+    - master
+    types:
+    - closed
+
+concurrency: deploy-${{ github.ref }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    environment: review
+
+    steps:
+    - name: Destroy review app
+      uses: actions/checkout@v4
+
+    - uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: 1.6.4
+        terraform_wrapper: false
+
+    - uses: DFE-Digital/github-actions/set-arm-environment-variables@master
+      with:
+        azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Terraform Destroy
+      run: |
+        make ci review terraform-destroy
+      env:
+        PR_NUMBER: ${{ github.event.pull_request.number }}
+
+    - name: Post Pull Request Comment
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: marocchino/sticky-pull-request-comment@v2
+      with:
+        header: aks
+        message: Review app <https://technical-guidance-${{ github.event.pull_request.number }}.test.teacherservices.cloud> was deleted

.github/workflows/deploy_aks.yml

@@ -0,0 +1,94 @@
+name: Build and deploy to AKS cluster
+
+on:
+  push:
+    branches:
+    - master
+  pull_request:
+    branches:
+    - master
+
+concurrency: deploy-${{ github.ref }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      docker-image-tag: ${{ steps.build-image.outputs.tag }}
+      matrix-environments: ${{ toJSON(steps.*.outputs.matrix-environment) }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+        bundler-cache: true
+
+    - name: Build docs with middleman
+      run: make build
+
+    - name: Build and push docker image
+      id: build-image
+      uses: DFE-Digital/github-actions/build-docker-image@master
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        context: .
+
+    - name: Prepare matrix environments review
+      id: matrix-env-review
+      if: github.event_name == 'pull_request'
+      run: echo "matrix-environment=review" >> $GITHUB_OUTPUT
+
+    - name: Prepare matrix environments for production
+      id: matrix-env-main
+      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+      run: |
+        echo "matrix-environment=production" >> $GITHUB_OUTPUT
+
+  deploy:
+        name: Deploy ${{ matrix.environment }}
+        runs-on: ubuntu-latest
+        needs: [build]
+        environment:
+          name: ${{ matrix.environment }}
+          url: ${{ steps.get-app-url.outputs.url }}
+        strategy:
+          max-parallel: 1
+          matrix:
+            environment: ${{ fromJSON(needs.build.outputs.matrix-environments) }}
+
+        steps:
+          - name: Checkout code
+            uses: actions/checkout@v3
+
+          - uses: hashicorp/setup-terraform@v3
+            with:
+              terraform_version: 1.6.4
+              terraform_wrapper: false
+
+          - uses: DFE-Digital/github-actions/set-arm-environment-variables@master
+            with:
+              azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+          - name: Terraform Apply
+            run: |
+              make ci ${{ matrix.environment }} terraform-apply
+            env:
+              DOCKER_IMAGE_TAG: ${{ needs.build.outputs.docker-image-tag }}
+              PR_NUMBER: ${{ github.event.pull_request.number }}
+
+          - name: Get application URL
+            id: get-app-url
+            run: |
+              url=$(terraform -chdir=terraform/application output -raw url)
+              echo "url=${url}" >> $GITHUB_OUTPUT
+
+          - name: Post comment to Pull Request ${{ github.event.number }}
+            if: ${{ github.event_name == 'pull_request' }}
+            uses: marocchino/sticky-pull-request-comment@v2
+            with:
+              header: aks
+              message: Review app deployed to <${{ steps.get-app-url.outputs.url }}>

.gitignore

@@ -20,3 +20,11 @@
 
 # Ignore vscode files
 .vscode/
+
+# Ignore terraform files
+bin/terrafile
+.terraform
+terraform/application/vendor
+terraform/domains/environment_domains/vendor
+terraform/domains/infrastructure/vendor
+terraform.tfstate*

.tool-versions

@@ -1 +1,2 @@
 ruby 2.7.6
+terraform 1.6.4

Dockerfile

@@ -1,30 +1,3 @@
-# Use the official Ruby 2.7.6 image as the base image
-FROM ruby:2.7.6
+FROM nginx:1.25.3-alpine3.18-slim
 
-# Install Node.js and npm
-RUN apt-get update && apt-get install -y nodejs npm
-
-# RUN   apt-get install -y nodejs npm
-
-# Set the working directory to /app
-WORKDIR /app
-
-# Copy the Gemfile and Gemfile.lock into the container
-COPY Gemfile Gemfile.lock ./
-
-# Install the required gems
-RUN bundle install
-
-# Copy the package.json and package-lock.json into the container
-COPY package*.json ./
-
-# Install the required npm packages
-RUN npm install
-
-# Copy the rest of the application code into the container
-COPY . .
-
-EXPOSE 4567
-
-# Start the application
-CMD ["rails", "server", "-b", "0.0.0.0"]
+COPY ./build/ /usr/share/nginx/html

Makefile

@@ -1,3 +1,102 @@
+TERRAFILE_VERSION=0.8
+ARM_TEMPLATE_TAG=1.1.10
+RG_TAGS={"Product" : "Teacher services cloud"}
+REGION=UK South
+SERVICE_NAME=technical-guidance
+SERVICE_SHORT=techg
+DOCKER_REPOSITORY=ghcr.io/dfe-digital/technical-guidance
+
+help:
+	@grep -E '^[a-zA-Z\._\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+review: test-cluster
+	$(if ${PR_NUMBER},,$(error Missing PR_NUMBER))
+	$(eval ENVIRONMENT=${PR_NUMBER})
+	$(eval TF_VAR_ENVIRONMENT=${PR_NUMBER})
+	$(eval include global_config/review.sh)
+
+production: production-cluster
+	$(if $(or ${SKIP_CONFIRM}, ${CONFIRM_PRODUCTION}), , $(error Missing CONFIRM_PRODUCTION=yes))
+	$(eval include global_config/production.sh)
+
+domains:
+	$(eval include global_config/domains.sh)
+
+composed-variables:
+	$(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg)
+	$(eval KEYVAULT_NAMES='("${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv", "${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv")')
+	$(eval STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}${CONFIG_SHORT}tfsa)
+
+ci:
+	$(eval AUTO_APPROVE=-auto-approve)
+	$(eval SKIP_AZURE_LOGIN=true)
+	$(eval SKIP_CONFIRM=true)
+
+bin/terrafile: ## Install terrafile to manage terraform modules
+	curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \
+		| tar xz -C ./bin terrafile
+
+set-azure-account:
+	[ "${SKIP_AZURE_LOGIN}" != "true" ] && az account set -s ${AZURE_SUBSCRIPTION} || true
+
+terraform-init: composed-variables bin/terrafile set-azure-account
+	$(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=main))
+
+	./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile
+	terraform -chdir=terraform/application init -upgrade -reconfigure \
+		-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \
+		-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
+		-backend-config=key=${ENVIRONMENT}_kubernetes.tfstate
+	$(eval export TF_VAR_environment=${ENVIRONMENT})
+	$(eval export TF_VAR_azure_resource_prefix=${AZURE_RESOURCE_PREFIX})
+	$(eval export TF_VAR_config_short=${CONFIG_SHORT})
+	$(eval export TF_VAR_service_name=${SERVICE_NAME})
+	$(eval export TF_VAR_service_short=${SERVICE_SHORT})
+	$(eval export TF_VAR_docker_image=${DOCKER_REPOSITORY}:${DOCKER_IMAGE_TAG})
+
+terraform-plan: terraform-init
+	terraform -chdir=terraform/application plan -var-file "config/${CONFIG}.tfvars.json"
+
+terraform-apply: terraform-init
+	terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE}
+
+terraform-destroy: terraform-init
+	terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE}
+
+set-what-if:
+	$(eval WHAT_IF=--what-if)
+
+arm-deployment: composed-variables set-azure-account
+	$(if ${DISABLE_KEYVAULTS},, $(eval KV_ARG=keyVaultNames=${KEYVAULT_NAMES}))
+	$(if ${ENABLE_KV_DIAGNOSTICS}, $(eval KV_DIAG_ARG=enableDiagnostics=${ENABLE_KV_DIAGNOSTICS} logAnalyticsWorkspaceName=${LOG_ANALYTICS_WORKSPACE_NAME}),)
+
+	az deployment sub create --name "resourcedeploy-tsc-$(shell date +%Y%m%d%H%M%S)" \
+		-l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
+		--parameters "resourceGroupName=${RESOURCE_GROUP_NAME}" 'tags=${RG_TAGS}' \
+		"tfStorageAccountName=${STORAGE_ACCOUNT_NAME}" "tfStorageContainerName=terraform-state" \
+		${KV_ARG} \
+		${KV_DIAG_ARG} \
+		"enableKVPurgeProtection=${KV_PURGE_PROTECTION}" \
+		${WHAT_IF}
+
+deploy-arm-resources: arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources
+
+validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources
+
+test-cluster:
+	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg)
+	$(eval CLUSTER_NAME=s189t01-tsc-test-aks)
+
+production-cluster:
+	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg)
+	$(eval CLUSTER_NAME=s189p01-tsc-production-aks)
+
+get-cluster-credentials: set-azure-account
+	az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
+
+bin/konduit.sh:
+	curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \
+		&& chmod +x bin/konduit.sh
 server:
 	bundle exec middleman server --verbose
 

global_config/production.sh

@@ -0,0 +1,6 @@
+CONFIG=production
+ENVIRONMENT=production
+CONFIG_SHORT=pd
+AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
+AZURE_RESOURCE_PREFIX=s189p01
+ENABLE_KV_DIAGNOSTICS=true

global_config/review.sh

@@ -0,0 +1,5 @@
+CONFIG=review
+CONFIG_SHORT=rv
+AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test
+AZURE_RESOURCE_PREFIX=s189t01
+KV_PURGE_PROTECTION=false

terraform/application/application.tf

@@ -0,0 +1,36 @@
+module "application_configuration" {
+  source = "./vendor/modules/aks//aks/application_configuration"
+
+  namespace              = var.namespace
+  environment            = var.environment
+  azure_resource_prefix  = var.azure_resource_prefix
+  service_short          = var.service_short
+  config_short           = var.config_short
+  secret_key_vault_short = "app"
+
+  # Delete for non rails apps
+  is_rails_application = true
+
+  config_variables = {
+    ENVIRONMENT_NAME = var.environment
+  }
+
+}
+
+module "web_application" {
+  source = "./vendor/modules/aks//aks/application"
+
+  is_web = true
+
+  namespace    = var.namespace
+  environment  = var.environment
+  service_name = var.service_name
+
+  cluster_configuration_map  = module.cluster_data.configuration_map
+  kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name
+  kubernetes_secret_name     = module.application_configuration.kubernetes_secret_name
+  web_port = 80
+  probe_path = "/"
+
+  docker_image = var.docker_image
+}