Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/muhlba91/fh-burgenland-bswe-assignment-infrastructure
FH Burgenland - BSWE: Assignment Infrastructure
https://github.com/muhlba91/fh-burgenland-bswe-assignment-infrastructure
fh-burgenland gitops pulumi
Last synced: 22 days ago
JSON representation
FH Burgenland - BSWE: Assignment Infrastructure
- Host: GitHub
- URL: https://github.com/muhlba91/fh-burgenland-bswe-assignment-infrastructure
- Owner: muhlba91
- License: gpl-3.0
- Created: 2024-09-12T09:50:12.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-10-29T10:02:51.000Z (about 2 months ago)
- Last Synced: 2024-10-29T12:06:38.101Z (about 2 months ago)
- Topics: fh-burgenland, gitops, pulumi
- Language: TypeScript
- Homepage:
- Size: 527 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# FH Burgenland: BSWE - Assignment Infrastructure
[![Build status](https://img.shields.io/github/actions/workflow/status/muhlba91/fh-burgenland-bswe-assignment-infrastructure/pipeline.yml?style=for-the-badge)](https://github.com/muhlba91/fh-burgenland-bswe-assignment-infrastructure/actions/workflows/pipeline.yml)
[![License](https://img.shields.io/github/license/muhlba91/fh-burgenland-bswe-assignment-infrastructure?style=for-the-badge)](LICENSE.md)
[![](https://api.scorecard.dev/projects/github.com/muhlba91/fh-burgenland-bswe-assignment-infrastructure/badge?style=for-the-badge)](https://scorecard.dev/viewer/?uri=github.com/muhlba91/fh-burgenland-bswe-assignment-infrastructure)This repository contains the automation for the required assignment infrastructure for the FH Burgenland "Softwaremanagent II" course using [Pulumi](http://pulumi.com).
---
## Requirements
- [NodeJS](https://nodejs.org/en), and [yarn](https://yarnpkg.com)
- [Pulumi](https://www.pulumi.com/docs/install/)## Creating the Infrastructure
To create the repositories, a [Pulumi Stack](https://www.pulumi.com/docs/concepts/stack/) with the correct configuration needs to exists.
The stack can be deployed via:
```bash
yarn install
yarn build; pulumi up
```## Destroying the Infrastructure
The entire infrastructure can be destroyed via:
```bash
yarn install
yarn build; pulumi destroy
```**Attention**: you must set `ALLOW_REPOSITORY_DELETION="true"` as an environment variable to be able to delete repositories!
## Environment Variables
To successfully run, and configure the Pulumi plugins, you need to set a list of environment variables. Alternatively, refer to the used Pulumi provider's configuration documentation.
- `AWS_REGION`: the AWS region to use
- `AWS_ACCESS_KEY_ID`: the AWS secret key
- `AWS_SECRET_ACCESS_KEY`: the AWS secret access key
- `GITHUB_TOKEN`: the GitHub token with permissions to manage repositories
- `PULUMI_ACCESS_TOKEN`: the Pulumi access token
- `VAULT_ADDR`: the Vault address
- `VAULT_TOKEN`: the Vault token---
## Configuration
The following section describes the configuration which must be set in the Pulumi Stack.
***Attention:*** do use [Secrets Encryption](https://www.pulumi.com/docs/concepts/secrets/#:~:text=Pulumi%20never%20sends%20authentication%20secrets,“secrets”%20for%20extra%20protection.) provided by Pulumi for secret values!
### YAML Configuration
Repositories and teams are defined in YAML format in the file `assets/data_.yml` where `` is the name of the Pulumi stack.
```yaml
---
teams:
- name: name
deleteOnDestroy: false # deletes the team on stack destroy (optional, default: false)
members:
- user-a
- user-b
repositories:
- name: name
service: service # the service name
teams: # provides access to the repository
- team-a
- team-b
approvers: 1 # the number of required approvers (optional, default: 1)
deleteOnDestroy: false # deletes the repository on stack destroy (optional, default: false)
aws: false # creates and stores an AWS access key
terraform: false # creates a Terraform backend bucket
requiredChecks: [] # sets required checks for the repository
```---
## Outputs
The following outputs are available after the stack has been created:
- `vault`: the Vault secret path
- `aws`: a map containing the repositories with AWS access and their role ARN for authentication
- `terraform`: a map containing the repositories with Terraform backend bucket information
- `teams`: a list of all created teams
- `repositories`: a list of all created repositories---
## Continuous Integration and Automations
- [GitHub Actions](https://docs.github.com/en/actions) are linting, and verifying the code.
- [Renovate Bot](https://github.com/renovatebot/renovate) is updating NodeJS packages, and GitHub Actions.