diff --git a/.editorconfig b/.editorconfig index c8559687a6..b62fcf63b0 100644 --- a/.editorconfig +++ b/.editorconfig @@ -30,5 +30,5 @@ indent_size = 2 [Makefile] indent_style = tab -[*.tf] +[{*.tf,*.tofu}] indent_size = 2 diff --git a/.github/workflows/build-backend.yml b/.github/workflows/build-backend.yml new file mode 100644 index 0000000000..066e0514ea --- /dev/null +++ b/.github/workflows/build-backend.yml @@ -0,0 +1,41 @@ +on: + workflow_call: + inputs: + githash: + required: true + type: string + +jobs: + build: + name: Build + runs-on: [self-hosted] + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + fetch-depth: 0 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.aws_access_key_id }} + aws-secret-access-key: ${{ secrets.aws_secret_access_key }} + aws-region: eu-central-1 + - name: Set up QEMU dependency + uses: docker/setup-qemu-action@v3 + - name: Login to Amazon ECR + uses: aws-actions/amazon-ecr-login@v2 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: ./backend + file: ./backend/Dockerfile + builder: ${{ steps.buildx.outputs.name }} + provenance: false + push: true + tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pycon-backend:arm-${{ inputs.githash }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + platforms: linux/arm64 diff --git a/.github/workflows/build-base-pretix.yml b/.github/workflows/build-base-pretix.yml index 0cd01282f2..d4b30095f8 100644 --- a/.github/workflows/build-base-pretix.yml +++ b/.github/workflows/build-base-pretix.yml 
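Review bot: The `build` job in the new build-backend.yml declares no `permissions:` block, while the `build-be` job it replaces in deploy.yml was limited to `packages: write` and `contents: read`; unless the caller narrows it outside the visible hunks, GITHUB_TOKEN now carries the repository default on a self-hosted runner. The job only checks out code and pushes to ECR with the AWS keys, so `permissions:` with `contents: read` under `jobs.build` should be enough. The same applies to the `build` jobs in build-frontend.yml and build-pretix.yml. Separately, the third-party actions in these jobs are referenced by mutable tags (`@v3`, `@v6`) in a job that holds AWS credentials; pinning them to full commit SHAs would make the build inputs immutable.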
@@ -39,7 +39,7 @@ jobs: builder: ${{ steps.buildx.outputs.name }} provenance: false push: true - tags: ghcr.io/pythonitalia/pycon/arm-pretix:${{ inputs.version }} + tags: ghcr.io/pythonitalia/pycon/base-pretix:${{ inputs.version }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache platforms: linux/arm64 diff --git a/.github/workflows/build-frontend.yml b/.github/workflows/build-frontend.yml new file mode 100644 index 0000000000..c71008f76e --- /dev/null +++ b/.github/workflows/build-frontend.yml 
@@ -0,0 +1,65 @@
+on:
+ workflow_call:
+ inputs:
+ githash:
+ required: true
+ type: string
+ tf_environment:
+ required: true
+ type: string
+
+jobs:
+ build:
+ name: Build
+ runs-on: [self-hosted]
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+ fetch-depth: 0
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.aws_access_key_id }}
+ aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
+ aws-region: eu-central-1
+ - name: Set up QEMU dependency
+ uses: docker/setup-qemu-action@v3
+ - name: Login to Amazon ECR
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Get vars
+ id: vars
+ run: |
+ cms_hostname=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ inputs.tf_environment }}/pycon-frontend/cms-hostname)
+ echo "CMS_HOSTNAME=$cms_hostname" >> "$GITHUB_OUTPUT"
+
+ conference_code=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ inputs.tf_environment }}/pycon-frontend/conference-code)
+ echo "CONFERENCE_CODE=$conference_code" >> "$GITHUB_OUTPUT"
+
+ sentry_auth_token=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ inputs.tf_environment }}/common/sentry-auth-token)
+ echo "::add-mask::$sentry_auth_token"
+ echo "SENTRY_AUTH_TOKEN=$sentry_auth_token" >> "$GITHUB_OUTPUT"
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: ./frontend
+ file: ./frontend/Dockerfile
+ builder: ${{ steps.buildx.outputs.name }}
+ provenance: false
+ push: true
+ tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/${{ inputs.tf_environment }}-pycon-frontend:${{ inputs.githash }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ platforms: linux/arm64
+ build-args: |
+ API_URL_SERVER=https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it
+ NEXT_PUBLIC_SITE_URL=${{ fromJSON('["pastaporto-frontend.", ""]')[github.ref == 'refs/heads/main'] }}pycon.it
+ CMS_ADMIN_HOST=${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it
+ CMS_HOSTNAME=${{ steps.vars.outputs.cms_hostname }}
+ CONFERENCE_CODE=${{ steps.vars.outputs.conference_code }}
+ GIT_HASH=${{ inputs.githash }}
+ secrets: |
+ "sentry_auth_token=${{ steps.vars.outputs.sentry_auth_token }}"
diff --git a/.github/workflows/build-pretix.yml b/.github/workflows/build-pretix.yml
new file mode 100644
index 0000000000..b8ed77d6ce
--- /dev/null
+++ b/.github/workflows/build-pretix.yml
@@ -0,0 +1,39 @@
+on:
+ workflow_call:
+ inputs:
+ githash:
+ required: true
+ type: string
+
+jobs:
+ build:
+ name: Build pretix
+ runs-on: [self-hosted]
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+ fetch-depth: 0
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.aws_access_key_id }}
+ aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
+ aws-region: eu-central-1
+ - name: Login to Amazon ECR
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Build and push pretix
+ uses: docker/build-push-action@v6
+ with:
+ context: ./pretix
+ file: ./pretix/Dockerfile
+ builder: ${{ steps.buildx.outputs.name }}
+ provenance: false
+ push: true
+ tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:arm-${{ inputs.githash }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ platforms: linux/arm64
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index c71bd61353..6d08c31845 100644
--- a/.github/workflows/deploy.yml
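Review bot: In the `Get vars` step of build-frontend.yml, `${{ inputs.tf_environment }}` is expanded into the shell script text before bash runs, so whatever a caller passes becomes part of the command line on the self-hosted runner. Pass it through the environment instead: add `env:` with `TF_ENVIRONMENT: ${{ inputs.tf_environment }}` to the step and use `--name "/pythonit/${TF_ENVIRONMENT}/pycon-frontend/cms-hostname"`, likewise for the other two parameters. Also, the image tag and the SSM paths follow `inputs.tf_environment`, but the `build-args` URLs are still chosen by `github.ref == 'refs/heads/main'`, so the two can disagree if this workflow is ever called with a different combination; deriving both from the input would keep one source of truth.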
+++ b/.github/workflows/deploy.yml @@ -12,8 +12,12 @@ env: TF_WORKSPACE: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} jobs: - build-pretix: - runs-on: [self-hosted] + check-pretix-build: + name: Check pretix needs building + runs-on: ubuntu-24.04 + outputs: + image_exists: ${{ steps.image.outputs.image_exists }} + githash: ${{ steps.git.outputs.githash }} steps: - uses: actions/checkout@v4 with: 
@@ -40,59 +44,46 @@ jobs: else echo "image_exists=0" >> $GITHUB_OUTPUT fi + + check-frontend-build: + name: Check frontend needs building + runs-on: ubuntu-24.04 + outputs: + image_exists: ${{ steps.image.outputs.image_exists }} + githash: ${{ steps.git.outputs.githash }} + steps: - uses: actions/checkout@v4 - if: ${{ steps.image.outputs.image_exists == 0 }} - with: - repository: pretix/pretix - ref: v2024.10.0 - path: ./pretix-clone - - name: Login to Amazon ECR - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: aws-actions/amazon-ecr-login@v2 - - name: Set up Docker Buildx - id: buildx - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/setup-buildx-action@v3 - - name: Build pretix base - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/build-push-action@v6 - id: build-pretix-base with: - context: ./pretix-clone - file: ./pretix-clone/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - provenance: false - push: true - tags: | - ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - platforms: linux/arm64 - - name: Build and push pretix - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/build-push-action@v6 + ref: ${{ github.ref }} + fetch-depth: 0 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 with: - context: ./pretix - file: ./pretix/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - provenance: false - push: true - tags: | - ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:arm-${{ steps.git.outputs.githash }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - platforms: linux/arm64 - build-args: | - PRETIX_IMAGE=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ 
steps.git.outputs.githash }} + aws-access-key-id: ${{ secrets.aws_access_key_id }} + aws-secret-access-key: ${{ secrets.aws_secret_access_key }} + aws-region: eu-central-1 + - name: Get service githash + id: git + run: | + hash=$(git rev-list -1 HEAD -- frontend) + echo "githash=$hash" >> $GITHUB_OUTPUT + - name: Check if commit is already on ECR + id: image + run: | + set +e + aws ecr describe-images --repository-name=pythonit/${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}-pycon-frontend --image-ids=imageTag=${{ steps.git.outputs.githash }} + if [[ $? == 0 ]]; then + echo "image_exists=1" >> $GITHUB_OUTPUT + else + echo "image_exists=0" >> $GITHUB_OUTPUT + fi - build-be: - runs-on: [self-hosted] - permissions: - packages: write - contents: read + check-backend-build: + name: Check backend needs building + runs-on: ubuntu-24.04 outputs: + image_exists: ${{ steps.image.outputs.image_exists }} githash: ${{ steps.git.outputs.githash }} - steps: - uses: actions/checkout@v4 with: 
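Review bot: In `check-frontend-build`, the `Check if commit is already on ECR` step runs under `set +e` and maps every non-zero exit of `aws ecr describe-images` to `image_exists=0`, so an expired key, a missing IAM permission or a network error is indistinguishable from "image not built yet" and triggers a rebuild and push. Only the ECR `ImageNotFoundException` should mean "missing"; any other failure should fail the job and show the error. The `check-pretix-build` and `check-backend-build` jobs appear to use the same pattern in lines outside this hunk, so the same change would apply there.

```yaml
      - name: Check if commit is already on ECR
        id: image
        run: |
          if out=$(aws ecr describe-images --repository-name=pythonit/${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}-pycon-frontend --image-ids=imageTag=${{ steps.git.outputs.githash }} 2>&1); then
            echo "image_exists=1" >> "$GITHUB_OUTPUT"
          elif grep -q ImageNotFoundException <<< "$out"; then
            echo "image_exists=0" >> "$GITHUB_OUTPUT"
          else
            # Credential, permission or network errors must not be read as "image missing".
            echo "$out" >&2
            exit 1
          fi
```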
@@ -119,34 +110,30 @@ jobs: else echo "image_exists=0" >> $GITHUB_OUTPUT fi - - name: Set up QEMU dependency - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/setup-qemu-action@v3 - - name: Login to Amazon ECR - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: aws-actions/amazon-ecr-login@v2 - - name: Set up Docker Buildx - id: buildx - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/setup-buildx-action@v3 - - name: Build and push - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/build-push-action@v6 - with: - context: ./backend - file: ./backend/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - provenance: false - push: true - tags: | - ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pycon-backend:arm-${{ steps.git.outputs.githash }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - platforms: linux/arm64 + + build-pretix: + name: Build pretix + needs: [check-pretix-build] + uses: ./.github/workflows/build-pretix.yml + with: + githash: ${{ needs.check-pretix-build.outputs.githash }} + secrets: inherit + if: ${{ needs.check-pretix-build.outputs.image_exists == 0 }} + + build-be: + name: Build backend + needs: [check-backend-build] + uses: ./.github/workflows/build-backend.yml + with: + githash: ${{ needs.check-backend-build.outputs.githash }} + secrets: inherit + if: ${{ needs.check-backend-build.outputs.image_exists == 0 }} deploy-be: + name: Deploy backend runs-on: ubuntu-24.04 - needs: [build-be, build-pretix] + needs: [build-be, build-pretix, check-frontend-build] + if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') environment: name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} defaults: 
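Review bot: `secrets: inherit` on `build-pretix` and `build-be` (and on `build-fe` in a later hunk) hands every secret available to deploy.yml to the called workflow, which runs on a self-hosted runner. The build workflows shown in this commit only read `aws_access_key_id`, `aws_secret_access_key` and `AWS_ACCOUNT_ID`, so declaring those three under `on.workflow_call.secrets` in each build workflow and passing them by name keeps any other secret off the build runner. The caller side would look like the excerpt below.

```yaml
  build-be:
    # … unchanged: name, needs, uses, with …
    secrets:
      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
    # … unchanged: if …
```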
@@ -169,9 +156,8 @@ jobs: - name: Terraform Validate id: validate run: terraform validate -no-color - - name: Terraform apply - run: terraform apply -target module.pretix -target module.pycon_backend -target module.clamav -target module.database -target module.emails -target module.cluster -no-color -auto-approve &> /dev/null + run: terraform apply -target module.pretix -target module.pycon_backend -target module.clamav -target module.database -target module.emails -target module.cluster -target module.vpc -no-color -auto-approve &> /dev/null env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -179,8 +165,10 @@ jobs: AWS_DEFAULT_REGION: eu-central-1 wait-be-update: + name: Wait backend deployment runs-on: ubuntu-24.04 - needs: [deploy-be, build-be] + needs: [deploy-be, check-backend-build] + if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') steps: - uses: actions/checkout@v4 with: 
@@ -190,91 +178,23 @@ jobs: uses: ./.github/actions/wait-for-deployment with: url: https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it/health/ - githash: ${{ needs.build-be.outputs.githash }} + githash: ${{ needs.check-backend-build.outputs.githash }} build-fe: - needs: [wait-be-update] - runs-on: [self-hosted] - permissions: - packages: write - contents: read - outputs: - githash: ${{ steps.git.outputs.githash }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.ref }} - fetch-depth: 0 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.aws_access_key_id }} - aws-secret-access-key: ${{ secrets.aws_secret_access_key }} - aws-region: eu-central-1 - - name: Get service githash - id: git - run: | - hash=$(git rev-list -1 HEAD -- frontend) - echo "githash=$hash" >> $GITHUB_OUTPUT - - name: Check if commit is already on ECR - id: image - run: | - set +e - aws ecr describe-images --repository-name=pythonit/${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}-pycon-frontend --image-ids=imageTag=${{ steps.git.outputs.githash }} - if [[ $? 
== 0 ]]; then - echo "image_exists=1" >> $GITHUB_OUTPUT - else - echo "image_exists=0" >> $GITHUB_OUTPUT - fi - - name: Set up QEMU dependency - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/setup-qemu-action@v3 - - name: Login to Amazon ECR - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: aws-actions/amazon-ecr-login@v2 - - name: Set up Docker Buildx - id: buildx - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/setup-buildx-action@v3 - - name: Get vars - id: vars - if: ${{ steps.image.outputs.image_exists == 0 }} - run: | - cms_hostname=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ env.TF_WORKSPACE }}/pycon-frontend/cms-hostname) - echo "CMS_HOSTNAME=$cms_hostname" >> "$GITHUB_OUTPUT" - - conference_code=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ env.TF_WORKSPACE }}/pycon-frontend/conference-code) - echo "CONFERENCE_CODE=$conference_code" >> "$GITHUB_OUTPUT" - - sentry_auth_token=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ env.TF_WORKSPACE }}/common/sentry-auth-token) - echo "::add-mask::$sentry_auth_token" - echo "SENTRY_AUTH_TOKEN=$sentry_auth_token" >> "$GITHUB_OUTPUT" - - name: Build and push - if: ${{ steps.image.outputs.image_exists == 0 }} - uses: docker/build-push-action@v6 - with: - context: ./frontend - file: ./frontend/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - provenance: false - push: true - tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}-pycon-frontend:${{ steps.git.outputs.githash }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - platforms: linux/arm64 - build-args: | - API_URL_SERVER=https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] 
}}admin.pycon.it - NEXT_PUBLIC_SITE_URL=${{ fromJSON('["pastaporto-frontend.", ""]')[github.ref == 'refs/heads/main'] }}pycon.it - CMS_ADMIN_HOST=${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it - CMS_HOSTNAME=${{ steps.vars.outputs.cms_hostname }} - CONFERENCE_CODE=${{ steps.vars.outputs.conference_code }} - GIT_HASH=${{ steps.git.outputs.githash }} - secrets: | - "sentry_auth_token=${{ steps.vars.outputs.sentry_auth_token }}" + name: Build frontend + needs: [wait-be-update, check-frontend-build] + uses: ./.github/workflows/build-frontend.yml + with: + githash: ${{ needs.check-frontend-build.outputs.githash }} + tf_environment: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} + secrets: inherit + if: always() && needs.check-frontend-build.outputs.image_exists == 0 && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') deploy-fe: + name: Deploy frontend runs-on: ubuntu-24.04 needs: [build-fe] + if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') environment: name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} defaults: @@ -297,7 +217,6 @@ jobs: - name: Terraform Validate id: validate run: terraform validate -no-color - - name: Terraform apply run: terraform apply -no-color -auto-approve &> /dev/null env: @@ -307,8 +226,10 @@ jobs: AWS_DEFAULT_REGION: eu-central-1 wait-fe-update: + name: Wait frontend deployment runs-on: ubuntu-24.04 - needs: [deploy-fe, build-fe] + needs: [deploy-fe, check-frontend-build] + if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') steps: - uses: actions/checkout@v4 with: 
@@ -318,4 +239,4 @@ jobs: uses: ./.github/actions/wait-for-deployment with: url: https://${{ fromJSON('["pastaporto-frontend", "frontend"]')[github.ref == 'refs/heads/main'] }}.pycon.it/api/health - githash: ${{ needs.build-fe.outputs.githash }} + githash: ${{ needs.check-frontend-build.outputs.githash }} diff --git a/.gitignore b/.gitignore index 4e5e99d433..a59e8280b2 100644 --- a/.gitignore +++ b/.gitignore @@ -138,3 +138,4 @@ backend/__pypackages__/ backend/custom_admin/.astro/ backend/custom_admin/core.* core.* +**/.archive_files/*.zip diff --git a/.tool-versions b/.tool-versions index 1a55cb8044..056a60c037 100644 --- a/.tool-versions +++ b/.tool-versions @@ -3,3 +3,4 @@ terraform 1.3.4 python 3.11.2 rust 1.61.0 pnpm 9 +opentofu 1.8.8 diff --git a/infrastructure/global/.terraform.lock.hcl b/infrastructure/global/.terraform.lock.hcl index d553847820..a3fa96c6d9 100644 --- a/infrastructure/global/.terraform.lock.hcl +++ b/infrastructure/global/.terraform.lock.hcl 
@@ -1,61 +1,25 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/archive" { - version = "2.5.0" - hashes = [ - "h1:HXf8h8Z4JYEkBND/JiqC+CjluKqifKoDGrL1IsRo15M=", - "zh:3b5774d20e87058d6d67d9ad4ce3fc4a5f7ea7748d345fa6721e24a0cbb0a3d4", - "zh:3b94e706ac0f5151880ccc9e63d33c4113361f27e64224a942caa04a5a19cd44", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d7201858fa9376029818c9d017b4b53a933cea75480306b1122663d1e8eea2b", - "zh:8c8c7537978adf12271fe143f93b3587bb5dbabf8202ff49d0e3955b7bddc24b", - "zh:a5942584665a2689e73f3a3c43296adeaeb7e8698631d157419aa931ff856907", - "zh:a63673abdba624d60c84b819184fe86422bdbdf6bc73f68d903a7191aed32c00", - "zh:bcd1586cc32b263265e09e78f56dba3a6b6b19f5371c099a9d7a1bfe0b0667cc", - "zh:cc9e70e186e4dcef60208b4a64b42e6813b197e21ea106a96bb4eb23b54c3e44", - "zh:d4c8a0f69412892507a2c9ec0e334bcc2812a54b81212420d4f2c96ef58f713a", - "zh:e91e6d90bbc15252310eca6400d4188b29260aab0539480a3fc7b45e4d19c446", - "zh:fc468449c0dbda56aae6cb924e4a67578d18504b5b06e8989783182c6b4a5f73", - ] -} - provider "registry.terraform.io/hashicorp/aws" { - version = "5.64.0" - constraints = "5.64.0" + version = "5.82.2" + constraints = "5.82.2" hashes = [ - "h1:Xasb457vfMG/1SGu6KSApCzAqUHMlsL028OQu3dZVv8=", - "zh:1d361f8062c68c9d5ac14b0aa8390709542129b8a9b258e61bbbabc706078b44", - "zh:39dcbf53e3896bdd77071384c8fad4a5862c222c73f3bcf356aca488101f22fd", - "zh:3fad63505f0c5b6f01cc9a6ef02b2226983b79424126a9caf6eb724f654299f4", - "zh:53a8b90d00829cc27e3171a13a8ff1404ee0ea018e73f31d3f916d246cc39613", - "zh:5734c25ef5a04b40f3c1ac5f817f11e42ee3328f74dbc141c0e64afbb0acc834", - "zh:66ea14dbd87f291ce4a877123363933d3ca4022f209f885807a6689c22c24e80", - "zh:68e79654ad0894a3d93134c3377748ace3058d5fad5ec09d1e9a8f8f9b8a47ea", - "zh:7b74259d0ceef0c49cea6bcd171df997b6bad141085bbadded15b440faeb0eee", - 
"zh:988ebfb5d115dc57070b5abf2e4200ad49cde535f27fd2ba5e34cf9ab336a57f", + "h1:RuPaHbllUB8a2TGTyc149wJfoh6zhIEjUvFYKR6iP2E=", + "zh:0262fc96012fb7e173e1b7beadd46dfc25b1dc7eaef95b90e936fc454724f1c8", + "zh:397413613d27f4f54d16efcbf4f0a43c059bd8d827fe34287522ae182a992f9b", + "zh:436c0c5d56e1da4f0a4c13129e12a0b519d12ab116aed52029b183f9806866f3", + "zh:4d942d173a2553d8d532a333a0482a090f4e82a2238acf135578f163b6e68470", + "zh:624aebc549bfbce06cc2ecfd8631932eb874ac7c10eb8466ce5b9a2fbdfdc724", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a0a2d4efe2835f0101a0a5024e044a3f28c00e10a8d87fce89c707ef6db75cea", - "zh:aecb3e4b9121771dee9cac7975bf5d0657b5f3e8b57788c455beaeb0f3c48d93", - "zh:d2d3393170b8ef761d3146f39f6788c4a3e876e6c5d4cedca4870c2680688ae6", - "zh:daba5a005c1baa4a5eefbfb86d43ccf880eb5b42e8136f0d932f55886d72bda0", - "zh:de16a6ff3baacdaf9609a0a89aa1913fc19cccaf5ee0fc1c49c5a075baa47c02", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - hashes = [ - "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + "zh:9e632dee2dfdf01b371cca7854b1ec63ceefa75790e619b0642b34d5514c6733", + "zh:a07567acb115b60a3df8f6048d12735b9b3bcf85ec92a62f77852e13d5a3c096", + 
"zh:ab7002df1a1be6432ac0eb1b9f6f0dd3db90973cd5b1b0b33d2dae54553dfbd7", + "zh:bc1ff65e2016b018b3e84db7249b2cd0433cb5c81dc81f9f6158f2197d6b9fde", + "zh:bcad84b1d767f87af6e1ba3dc97fdb8f2ad5de9224f192f1412b09aba798c0a8", + "zh:cf917dceaa0f9d55d9ff181b5dcc4d1e10af21b6671811b315ae2a6eda866a2a", + "zh:d8e90ecfb3216f3cc13ccde5a16da64307abb6e22453aed2ac3067bbf689313b", + "zh:d9054e0e40705df729682ad34c20db8695d57f182c65963abd151c6aba1ab0d3", + "zh:ecf3a4f3c57eb7e89f71b8559e2a71e4cdf94eea0118ec4f2cb37e4f4d71a069", ] } diff --git a/infrastructure/global/ecr_repos/main.tf b/infrastructure/global/ecr_repos/main.tf index f628aa0ca3..d871ea7396 100644 --- a/infrastructure/global/ecr_repos/main.tf +++ b/infrastructure/global/ecr_repos/main.tf @@ -1,11 +1,11 @@ locals { services = [ "pycon-backend", - "pycon-frontend", - "pretix" + "pretix", ] } + resource "aws_ecr_repository" "service_repo" { for_each = toset(local.services) name = "pythonit/${each.key}" diff --git a/infrastructure/global/main.tf b/infrastructure/global/main.tf index 4e13042969..c94f8ef3b2 100644 --- a/infrastructure/global/main.tf +++ b/infrastructure/global/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.64.0" + version = "5.82.2" } } diff --git a/infrastructure/tools/.terraform.lock.hcl b/infrastructure/tools/.terraform.lock.hcl new file mode 100644 index 0000000000..e43e02d9f9 --- /dev/null +++ b/infrastructure/tools/.terraform.lock.hcl 
@@ -0,0 +1,77 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/archive" { + version = "2.7.0" + hashes = [ + "h1:54u+Kfg2ITHB1k/6tC2Y/0//J66lseBIz2ydMJHvAB8=", + "zh:351318d6caad0b03c28b30362e9d8b801f94b0bfd11b08566ad2b37f63671f8a", + "zh:56b70c49a2b60cb6a4f42bed921c30863481eb0422bb180e50dde271104731d9", + "zh:7781aac1366a5ac0226f83331f152921c58b155fb91f506b0854b8267b870432", + "zh:7aabcaccacfcaa2fb84fdea93453552617e0efecc9869e88b63607c459fb99aa", + "zh:7bcd07d40cf33f64c19f033d3ee64a243f09e039a2516ab3707aceb51669a532", + "zh:a423791fae7a51f1235f47ba13baa61d50714b10d84bbf391a6c0b55fe2e1a9a", + "zh:c8af7913de581bf2ca2dbf0906e604123a2a8f86a087c3b40a79cdacd5e867f5", + "zh:ee6c2995e7d462a0e769d62e5345e04acddff8af38422e7dd3925d1769408e7b", + "zh:f5c2311af4ee6ad8f1bd7eb4a1d38e371d1cbe90abf812797f6863e420f1c463", + "zh:fb3c41fa9fe5181db85c58d4893474082a2c7f14ba5a69e38c609b1fda9ba741", + ] +} + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.82.2" + constraints = "5.82.2" + hashes = [ + "h1:65B6GjFmKobkuaO58AcDPUu/otnTR7qRTynWTgU5A7Q=", + "zh:0c662b1f27119941e2329155070c8a81f6979e3d5e98296949f373c46487d84e", + "zh:56cbaeaf050174bb9ba9a00f31fe441365ffece6ad39254885c9d4e6517e27e3", + "zh:6e7f66c9f9955deb9ce0a2ae4b6df366b3b6bc3e23bca1fcdd4351ecab3ec907", + "zh:7971a22df020391ca20936584282d01f3380bcfc79260afbdf04d6b4d50cf75a", + "zh:7b8f2175447e64c9a9c9624818a597cd6c1609f379f7f8e3e179ee7394a467b7", + "zh:a805e26eb7f58e46b130decab79c0871dfd73206d7bd6c1793e27c2dc35fd8b6", + "zh:b6163e746c77d47269c0e3014bdc1f805152b3d94471dd6443373d91b848cf45", + "zh:c46872fd0c304852bd506c036f31dbe047a97036992319a3c594949538651680", + "zh:d586f1ef412f336ede54d720a78f11a64952a39bfe401e141d24826530cb2449", + "zh:ddaf2e1de0f1660ac31c5f1bebd40cc2b29e19f64bf41591c3b5df00dc268367", + ] +} + +provider "registry.opentofu.org/hashicorp/random" { + version = "3.6.3" + hashes = [ + 
"h1:Ry0Lr0zaoicslZlcUR4rAySPpl/a7QupfMfuAxhW3fw=", + "zh:1bfd2e54b4eee8c761a40b6d99d45880b3a71abc18a9a7a5319204da9c8363b2", + "zh:21a15ac74adb8ba499aab989a4248321b51946e5431219b56fc827e565776714", + "zh:221acfac3f7a5bcd6cb49f79a1fca99da7679bde01017334bad1f951a12d85ba", + "zh:3026fcdc0c1258e32ab519df878579160b1050b141d6f7883b39438244e08954", + "zh:50d07a7066ea46873b289548000229556908c3be746059969ab0d694e053ee4c", + "zh:54280cdac041f2c2986a585f62e102bc59ef412cad5f4ebf7387c2b3a357f6c0", + "zh:632adf40f1f63b0c5707182853c10ae23124c00869ffff05f310aef2ed26fcf3", + "zh:b8c2876cce9a38501d14880a47e59a5182ee98732ad7e576e9a9ce686a46d8f5", + "zh:f27e6995e1e9fe3914a2654791fc8d67cdce44f17bf06e614ead7dfd2b13d3ae", + "zh:f423f2b7e5c814799ad7580b5c8ae23359d8d342264902f821c357ff2b3c6d3d", + ] +} + +provider "registry.opentofu.org/integrations/github" { + version = "6.4.0" + constraints = "~> 6.0" + hashes = [ + "h1:sJvuRMYWJ/ykZXTuoCuocHvx06hTwDVrXVVXq1814bw=", + "zh:00f431c2a2510efcb1115442dda5e90815bcb16e1a3301679ade0139fa963d3b", + "zh:12a862f4317b3cb65682c1b687650cd91eeee99e63774bdcfa8bcfc64bad097b", + "zh:226d5e09ff27f94cb9336089181d26f85cb30219b863a579597f2e107f37de49", + "zh:402ecaa5add568a52ee01d816810f3b90f693be35c680fcdc9b6284bf55326f1", + "zh:60e3bdd9fbefb3c1d790bc08889c1dc0e83636b82284faaa709411aa4f96bb9f", + "zh:625099eeff2f8aaecd22a24a451b326828435c8f9de86f2e5e99872e7b467fa7", + "zh:79e8b665421009df2260f50e10da1f7a7863b557ece96e2b07dfd2fad1e86fcd", + "zh:98e471fefc93dcfedeec750c694110db7d3331dc3a256191d30b9d2f70d12157", + "zh:a17702765e1fa92d1c288ddfd97075819ad61b344b341be7e09c554c841a6d9e", + "zh:ca72ccf40624ae26bf4660d8dd84a51638f0a1e78d5f19fdfaafaef97f838af6", + "zh:d009ab5527d45c44c424d26cd2eb51a5a6a6448f3fb1023b675789588cc08d64", + "zh:e5811be1e942a75b14dfcd3e03523d8df60cfbde0d7e24d75e78480a02a58949", + "zh:e6008ad28225ad6996b06bcd7f3070863329df406a56754e7fb9c31d6301ace4", + "zh:f1d93f56ea4f87183a5de4780704907605851d95a2d285a9ec755bf784c5569c", + 
"zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", + ] +} diff --git a/infrastructure/tools/main.tf b/infrastructure/tools/main.tf new file mode 100644 index 0000000000..5a23606d26 --- /dev/null +++ b/infrastructure/tools/main.tf @@ -0,0 +1,26 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.82.2" + } + github = { + source = "integrations/github" + version = "~> 6.0" + } + } + + backend "s3" { + bucket = "xujw087uco-infrastructure-tools-opentofu" + key = "opentofu.tfstate" + region = "eu-central-1" + } +} + +provider "aws" { + region = "eu-central-1" +} + +provider "github" { + owner = "pythonitalia" +} diff --git a/infrastructure/tools/vpc.tf b/infrastructure/tools/vpc.tf new file mode 100644 index 0000000000..7f94027976 --- /dev/null +++ b/infrastructure/tools/vpc.tf 
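Review bot: The `backend "s3"` block in infrastructure/tools/main.tf sets only `bucket`, `key` and `region`, so nothing in this configuration asks for the state object to be encrypted or for concurrent runs to be locked. State files routinely hold resource attributes and provider secrets; adding `encrypt = true` and a lock table (`dynamodb_table = "<LOCK_TABLE_NAME>"`) makes both explicit rather than relying on bucket defaults that are not visible here. The bucket's own settings (public access block, versioning) are not part of this commit, so they are worth confirming separately.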
@@ -0,0 +1,76 @@ +locals { + public_azs_cidr = { + "eu-central-1a" : "10.0.1.0/24", + "eu-central-1b" : "10.0.2.0/24", + "eu-central-1c" : "10.0.3.0/24", + } + private_azs_cidr = { + "eu-central-1a" : "10.0.4.0/24", + "eu-central-1b" : "10.0.5.0/24", + "eu-central-1c" : "10.0.6.0/24", + } +} + +resource "aws_vpc" "default" { + cidr_block = "10.0.0.0/16" + enable_dns_hostnames = true + + tags = { + Name = "main-vpc" + } +} + +resource "aws_subnet" "private" { + for_each = local.private_azs_cidr + vpc_id = aws_vpc.default.id + availability_zone = each.key + cidr_block = each.value + + tags = { + Name = "main-vpc-private-subnet-${each.key}" + Type = "private" + AZ = each.key + } +} + +resource "aws_subnet" "public" { + for_each = local.public_azs_cidr + vpc_id = aws_vpc.default.id + availability_zone = each.key + cidr_block = each.value + map_public_ip_on_launch = true + + tags = { + Name = "main-vpc-public-subnet-${each.key}" + Type = "public" + AZ = each.key + } +} + +resource "aws_route_table" "public" { + for_each = toset(keys(local.public_azs_cidr)) + vpc_id = aws_vpc.default.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.default.id + } + + tags = { + Name = "main-vpc-public-route-${each.value}" + } + + depends_on = [ + aws_internet_gateway.default + ] +} + +resource "aws_route_table_association" "public_subnet_to_public_route" { + for_each = toset(keys(local.public_azs_cidr)) + route_table_id = aws_route_table.public[each.value].id + subnet_id = aws_subnet.public[each.value].id +} + +resource "aws_internet_gateway" "default" { + vpc_id = aws_vpc.default.id +} diff --git a/pretix/Dockerfile b/pretix/Dockerfile index 9a9c243439..5a78ef7716 100644 --- a/pretix/Dockerfile +++ b/pretix/Dockerfile @@ -1,6 +1,4 @@ -# v2024.10.0 -ARG PRETIX_IMAGE -FROM ${PRETIX_IMAGE} +FROM ghcr.io/pythonitalia/pycon/base-pretix:v2024.10.0 COPY ./settings.py /pretix/src/production_settings.py
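Review bot: `aws_subnet.public` in infrastructure/tools/vpc.tf sets `map_public_ip_on_launch = true`, so anything launched into those subnets gets a public IPv4 address by default, and the VPC is created without an `aws_flow_log` or a locked-down `aws_default_security_group`. If only specific resources need to be reachable, set `map_public_ip_on_launch = false` and assign public addresses explicitly. A flow log on `aws_vpc.default` would give a network record to work from when investigating an incident. The private subnets have no route table association in this file; presumably that is added elsewhere or later.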
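Review bot: The new `FROM ghcr.io/pythonitalia/pycon/base-pretix:v2024.10.0` in pretix/Dockerfile refers to the base image by tag only, and build-base-pretix.yml in this same commit pushes `base-pretix:${{ inputs.version }}`, so re-running that workflow with the same version silently changes what this Dockerfile builds on. Pinning the digest, `FROM ghcr.io/pythonitalia/pycon/base-pretix:v2024.10.0@sha256:<DIGEST_PLACEHOLDER>`, makes the base immutable and reviewable. The rest of the Dockerfile is outside the hunk.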