---
# Module manifest: identity, tooling requirements and template settings
# for the Go backend service module.
name: zero-backend-go
description: 'Zero module for a backend service in Go running in Kubernetes'
author: 'Commit'
# Quoted because a plain scalar cannot start with '>'.
zeroVersion: '>= 0.2.1'

commands:
  # Runs a shell script shipped with the module on the operator's machine.
  # NOTE(review): the script body is not visible here; review
  # scripts/check.sh together with this manifest.
  check: sh scripts/check.sh

# Modules that have to be present alongside this one.
dependsOn:
  - zero-aws-eks-stack

template:
  strictMode: true
  # Custom delimiters; quoted because '%' is a YAML indicator at the start
  # of a scalar. Presumably chosen so they do not collide with the
  # '{{ }}' syntax used by files under templates/ -- TODO confirm.
  delimiters:
    - '<%'
    - '%>'
  inputDir: 'templates'
  outputDir: 'backend-service'

# Credential sets the module needs. The matching prompts are the
# parameters that carry an envVarName (AWS keys, GitHub token).
requiredCredentials:
  - aws
  - github
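# Prompts presented to the operator. Several of them collect secrets
# (AWS keys, GitHub / CircleCI tokens, Stripe keys); see the notes on
# each field about where those values may end up.
parameters:
  # ---- AWS credentials -------------------------------------------------
  - field: useExistingAwsProfile
    label: "Use credentials from an existing AWS profile?"
    info: "You can choose either a currently existing profile if you've already configured your AWS CLI, or manually enter a pair of AWS access keys."
    options:
      "yes": "Yes"
      "no": "No"
    # Canonical boolean instead of the YAML 1.1 truthy word 'yes'.
    # Presumably keeps this answer out of the generated project file.
    omitFromProjectFile: true
  - field: profilePicker
    omitFromProjectFile: true
    type: AWSProfilePicker
    conditions:
      - action: KeyMatchCondition
        whenValue: "yes"
        matchField: useExistingAwsProfile
  # Manually entered long-lived access key pair, asked for only when no
  # existing profile is selected.
  # NOTE(review): unlike the two fields above, these do not set
  # omitFromProjectFile. Confirm that fields with an envVarName are never
  # written to the project file or to anything that gets committed.
  - field: accessKeyId
    label: AWS AccessKeyId
    info: "AWS access is controlled by a pair of keys tied to a user account.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html "
    envVarName: "AWS_ACCESS_KEY_ID"
    conditions:
      - action: KeyMatchCondition
        whenValue: "no"
        matchField: useExistingAwsProfile
  - field: secretAccessKey
    envVarName: "AWS_SECRET_ACCESS_KEY"
    label: AWS SecretAccessKey
    info: "AWS access is controlled by a pair of keys tied to a user account.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html "
    conditions:
      - action: KeyMatchCondition
        whenValue: "no"
        matchField: useExistingAwsProfile

  # ---- Source control --------------------------------------------------
  # Personal access token that can create repositories. The scopes it
  # needs are not stated here; grant the minimum the setup requires and
  # revoke or rotate the token once provisioning is finished.
  - field: githubAccessToken
    label: "Github API Key to setup your repository and optionally CI/CD"
    info: "This API key will let us set up new repositories to check in your code.\nhttps://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token"
    envVarName: GITHUB_ACCESS_TOKEN

  # ---- Region ----------------------------------------------------------
  - field: region
    label: Select AWS Region
    info: "This is the region your resources will be created in.\nMost regions have all the same features and functionality, but depending on your product you may need to choose a different region for data sovereignty reasons."
    options:
      "us-east-1": "us-east-1 - US East (N. Virginia)"
      "us-east-2": "us-east-2 - US East (Ohio)"
      "us-west-2": "us-west-2 - US West (Oregon)"
      "ca-central-1": "ca-central-1 - Canada (Central)"
      "eu-west-1": "eu-west-1 - Europe (Ireland)"
      "ap-southeast-1": "ap-southeast-1 - Asia Pacific (Singapore)"

  # ---- Host names ------------------------------------------------------
  # The regex validations are anchored with ^ and $ and accept only
  # lowercase letters, digits, single hyphens between labels, and dots.
  # That keeps shell and template metacharacters out of values that are
  # later substituted into generated files.
  - field: productionHostRoot
    label: Production Root Host Name (e.g. mydomain.com)
    info: "This must be the root of the chosen domain, not a subdomain. You will also be prompted for the subdomains to use for your application."
    fieldValidation:
      type: regex
      value: '^([a-z0-9]+(-[a-z0-9]+)*\.{1})+[a-z]{2,}$'
      errorMessage: Invalid root domain name
  - field: productionFrontendSubdomain
    label: Production Frontend Host Name (e.g. app.)
    info: "The subdomain that will point to the static assets of your frontend hosted in Cloudfront."
    default: app.
    fieldValidation:
      type: regex
      value: '^([a-z0-9]+(-[a-z0-9]+)*\.)$'
      errorMessage: Invalid subdomain (cannot contain special chars & must end with a '.')
  - field: productionBackendSubdomain
    label: Production Backend Host Name (e.g. api.)
    info: "The subdomain that will point to the API of your backend running in Kubernetes."
    default: api.
    fieldValidation:
      type: regex
      value: '^([a-z0-9]+(-[a-z0-9]+)*\.)$'
      errorMessage: Invalid subdomain (cannot contain special chars & must end with a '.')
  - field: stagingHostRoot
    label: Staging Root Host Name (e.g. mydomain-staging.com)
    info: "This must be the root of the chosen domain, not a subdomain. You will also be prompted for the subdomains to use for your application.\nIt's recommended that you use different hostnames for staging and production instead of trying to have staging as a subdomain of your production domain."
    fieldValidation:
      type: regex
      value: '^([a-z0-9]+(-[a-z0-9]+)*\.{1})+[a-z]{2,}$'
      errorMessage: Invalid root domain name
  - field: stagingFrontendSubdomain
    label: Staging Frontend Host Name (e.g. app.)
    info: "The subdomain that will point to the static assets of your frontend hosted in Cloudfront."
    default: app.
    fieldValidation:
      type: regex
      value: '^([a-z0-9]+(-[a-z0-9]+)*\.)$'
      errorMessage: Invalid subdomain (cannot contain special chars & must end with a '.')
  - field: stagingBackendSubdomain
    label: Staging Backend Host Name (e.g. api.)
    info: "The subdomain that will point to the API of your backend running in Kubernetes."
    default: api.
    fieldValidation:
      type: regex
      value: '^([a-z0-9]+(-[a-z0-9]+)*\.)$'
      errorMessage: Invalid subdomain (cannot contain special chars & must end with a '.')

  # ---- Data stores -----------------------------------------------------
  - field: database
    label: Database engine to use
    info: "This will set up a database for you using RDS.\nIt will be accessible only by your application, credentials will be created automatically."
    options:
      "postgres": "PostgreSQL"
      "mysql": "MySQL"
  - field: cacheStore
    label: "Cache store to use"
    info: "If necessary for your application, this will set up a cache using AWS ElastiCache."
    options:
      "none": "none"
      "redis": "Redis"
      "memcached": "Memcached"

  # ---- Values computed by running a shell command ----------------------
  # Each 'execute' string is a shell pipeline; presumably it runs on the
  # operator's machine with the credentials collected above -- TODO
  # confirm. Treat changes to these lines as code changes.
  - field: accountId
    label: AWS Account ID
    execute: aws sts get-caller-identity --query "Account" | tr -d '"'
  # First 8 characters of a UUID, used for resource naming per the label.
  # It is a naming seed, not secret material.
  - field: randomSeed
    label: Random seed that will be shared between projects to come up with deterministic resource names
    execute: uuidgen | head -c 8
  # $projectName is expanded inside double quotes, so it is not
  # word-split, and sed removes only hyphens and spaces.
  # NOTE(review): any other character in the project name reaches the
  # database name unchanged; confirm projectName is validated upstream.
  - field: databaseName
    execute: echo "$projectName"| sed "s/[- ]//g"

  # ---- Optional features -----------------------------------------------
  # 'default' is quoted so that it stays the string "yes" and matches the
  # option key; unquoted, a YAML 1.1 parser may resolve it to a boolean.
  - field: fileUploads
    label: Enable file uploads using S3 and Cloudfront signed URLs?
    info: "This will allow secure file uploads and downloads through your application.\nIt will require manual creation of a Cloudfront keypair in AWS. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html"
    default: "yes"
    options:
      "yes": "Yes"
      "no": "No"
  - field: userAuth
    label: Enable user management and auth access proxy?
    info: "This will enable infrastructure and application code that uses Kratos for user management and the Oathkeeper access proxy.\nhttps://ory.sh"
    default: "yes"
    options:
      "yes": "Yes"
      "no": "No"

  # ---- CI --------------------------------------------------------------
  - field: CIVendor
    label: Which CI vendor would you like to use?
    info: "Build pipelines will be set up which will deploy your code to your infrastructure whenever PRs are merged to the main branch."
    default: "circleci"
    options:
      "circleci": "CircleCI"
      "github-actions": "Github Actions"
  # API token for the CI account, requested only when CircleCI is chosen.
  - field: circleciApiKey
    label: "CircleCI API Key"
    info: "This will let us configure your CircleCI account to automatically enable CI for these newly created projects.\nhttps://circleci.com/docs/2.0/managing-api-tokens/"
    envVarName: CIRCLECI_API_KEY
    conditions:
      - action: KeyMatchCondition
        matchField: CIVendor
        whenValue: "circleci"

  # ---- Billing (Stripe) ------------------------------------------------
  - field: billingEnabled
    label: "Enable billing support?"
    info: "Provides a subscription example using stripe in the backend and frontend repositories."
    options:
      "yes": "Yes"
      "no": "No"
  - field: stagingStripePublicApiKey
    label: "Staging Stripe public api key"
    info: "Used for the frontend repository. It's recommended to use a sandbox key while getting set up."
    conditions:
      - action: KeyMatchCondition
        matchField: billingEnabled
        whenValue: "yes"
  # NOTE(review): this is a secret key, yet the field has neither an
  # envVarName nor omitFromProjectFile. Confirm the value is not stored
  # in plaintext in the generated project file or committed to a
  # repository.
  - field: stagingStripeSecretApiKey
    label: "Staging Stripe secret api key"
    info: "Used for the backend repository. It's recommended to use a sandbox key while getting set up."
    conditions:
      - action: KeyMatchCondition
        matchField: billingEnabled
        whenValue: "yes"
  - field: productionStripePublicApiKey
    label: "Production Stripe public api key"
    info: "Used for the frontend repository. It's recommended to use a sandbox key while getting set up."
    conditions:
      - action: KeyMatchCondition
        matchField: billingEnabled
        whenValue: "yes"
  # NOTE(review): same concern as the staging secret key above the
  # production public key: a secret with no envVarName and no
  # omitFromProjectFile. Confirm how and where it is persisted.
  - field: productionStripeSecretApiKey
    label: "Production Stripe secret api key"
    info: "Used for the backend repository. It's recommended to use a sandbox key while getting set up."
    conditions:
      - action: KeyMatchCondition
        matchField: billingEnabled
        whenValue: "yes"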
# Module-level rules. Each entry names a parameter (matchField), the
# answer that triggers it (whenValue) and a list of paths (data);
# presumably the listed template paths are left out of the generated
# project when the answer matches -- TODO confirm against the tool.
conditions:
  # Answering "no" to userAuth leaves out the auth package and the auth
  # manifests for every overlay. The generated service then ships
  # without the Kratos / Oathkeeper pieces the userAuth prompt describes,
  # so authentication has to be provided some other way.
  - action: ignoreFile
    matchField: userAuth
    whenValue: "no"
    data:
      - internal/auth
      - kubernetes/base/auth.yml
      - kubernetes/overlays/staging/auth.yml
      - kubernetes/overlays/production/auth.yml
  - action: ignoreFile
    matchField: fileUploads
    whenValue: "no"
    data:
      - internal/file
  # The two CIVendor rules are mirror images: the chosen vendor's
  # answer lists the other vendor's pipeline directory.
  - action: ignoreFile
    matchField: CIVendor
    whenValue: "circleci"
    data:
      - .github/
  - action: ignoreFile
    matchField: CIVendor
    whenValue: "github-actions"
    data:
      - .circleci/
  - action: ignoreFile
    matchField: billingEnabled
    whenValue: "no"
    data:
      - internal/billing
      - scripts/stripe-example-setup.sh