Added resources to deploy the Docuement Transfer service.

codeforamerica · May 20, 2024 · ee34c4a · ee34c4a
1 parent 4933907
commit ee34c4a
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 16 deletions.
diff --git a/.github/workflows/branch.yml b/.github/workflows/branch.yml
@@ -104,9 +104,6 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           scan-type: config
-          ignore-unfixed: true
-          skip-dirs: '"**/*/.terraform"'
-          exit-code: 1
           format: sarif
           output: 'trivy-results.sarif'
 

diff --git a/tofu/config/staging/.terraform.lock.hcl b/tofu/config/staging/.terraform.lock.hcl
diff --git a/tofu/config/staging/main.tf b/tofu/config/staging/main.tf
@@ -14,3 +14,49 @@ module "backend" {
   project     = "illinois-getchildcare"
   environment = "staging"
 }
+
+# Create an S3 bucket and KMS key for logging.
+module "logging" {
+  source = "github.com/codeforamerica/tofu-modules/aws/logging"
+
+  project     = "illinois-getchildcare"
+  environment = "staging"
+}
+
+# Create a VPC with public and private subnets. Since this is a staging
+# environment, we'll use a single NAT gateway to reduce costs.
+module "vpc" {
+  source = "github.com/codeforamerica/tofu-modules/aws/vpc"
+
+  cidr               = "10.0.20.0/22"
+  project            = "illinois-getchildcare"
+  environment        = "staging"
+  single_nat_gateway = true
+  logging_key_id     = module.logging.kms_key_arn
+
+  private_subnets = ["10.0.22.0/26", "10.0.22.64/26", "10.0.22.128/26"]
+  public_subnets  = ["10.0.20.0/26", "10.0.20.64/26", "10.0.20.128/26"]
+}
+
+# Deploy the Document Transfer service to a Fargate cluster.
+module "document_transfer" {
+  source = "github.com/codeforamerica/tofu-modules/aws/fargate_service"
+
+  project         = "illinois-getchildcare"
+  project_short   = "il-gcc"
+  environment     = "staging"
+  service         = "document-transfer"
+  service_short   = "doc-trans"
+  domain          = "staging.document-transfer.cfa.codes"
+  vpc_id          = module.vpc.vpc_id
+  private_subnets = module.vpc.private_subnets
+  public_subnets  = module.vpc.public_subnets
+  logging_key_id  = module.logging.kms_key_arn
+  container_port  = 3000
+  force_delete    = true
+}
+
+# Display commands to push the Docker image to ECR.
+output "document_transfer_docker_push" {
+  value = module.document_transfer.docker_push
+}
diff --git a/tofu/config/staging/providers.tf b/tofu/config/staging/providers.tf
@@ -5,6 +5,7 @@ provider "aws" {
     tags = {
       project     = "illinois-getchildcare"
       environment = "staging"
+      tofu        = "true"
     }
   }
 }
diff --git a/trivy.yaml b/trivy.yaml
@@ -0,0 +1,10 @@
+exit-code: 1
+misconfiguration:
+  ignore-unfixed: true
+  terraform:
+    exclude-downloaded-modules: true
+scan:
+  scanners:
+    - misconfig
+  skip-dirs:
+    - "**/*/.terraform"