init: add terraform code and actions

Author: Lutonite

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @presentium/developers/infrastructure

.github/workflows/drift.yml

@@ -0,0 +1,29 @@
+name: Check for infrastructure drift
+
+on:
+  schedule:
+    - cron:  "0 8 * * *"
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  check_drift:
+    runs-on: ubuntu-latest
+    name: Check for drift of terraform configuration
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: ${{ vars.AWS_ARN }}
+          role-session-name: terraform-check
+
+      - name: Check for drift
+        uses: dflook/terraform-check@v1
+        with:
+          path: terraform

.github/workflows/terraform-apply.yml

@@ -0,0 +1,31 @@
+name: Apply terraform plan
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+
+jobs:
+  apply:
+    runs-on: ubuntu-latest
+    name: Apply the terraform plan
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: ${{ vars.AWS_ARN }}
+          role-session-name: terraform-apply
+
+      - name: terraform apply
+        uses: dflook/terraform-apply@v1
+        with:
+          path: terraform

.github/workflows/terraform-plan.yml

@@ -0,0 +1,28 @@
+name: Create terraform plan
+
+on: [pull_request]
+
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+
+jobs:
+  plan:
+    runs-on: ubuntu-latest
+    name: Create a plan for the terraform configuration
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: ${{ vars.AWS_ARN }}
+          role-session-name: terraform-plan
+
+      - name: terraform plan
+        uses: dflook/terraform-plan@v1
+        with:
+          path: terraform

.github/workflows/validate.yml

@@ -0,0 +1,49 @@
+name: Validate changes
+
+on:
+  push:
+    branches-ignore:
+      - 'main'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  fmt-check:
+    runs-on: ubuntu-latest
+    name: Check formatting of terraform files
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: ${{ vars.AWS_ARN }}
+          role-session-name: terraform-fmt-check
+
+      - name: terraform fmt
+        uses: dflook/terraform-fmt-check@v1
+        with:
+          path: terraform
+
+  validate:
+    runs-on: ubuntu-latest
+    name: Validate terraform configuration
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: ${{ vars.AWS_ARN }}
+          role-session-name: terraform-validate
+
+      - name: terraform validate
+        uses: dflook/terraform-validate@v1
+        with:
+          path: terraform

LICENSE.md

@@ -0,0 +1,16 @@
+# The MIT License (MIT)
+
+Copyright © `2024` `The Presentium Project and its contributors`
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+documentation files (the “Software”), to deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,2 +1,16 @@
-# infra
+# Infrastructure for Presentium
+
 Infrastructure for deploying the Presentium API and dashboard on the cloud.
+
+## Continus Delivery
+
+The infrastructure is deployed using GitHub Actions. The workflow is defined in `.github/workflows/terraform-apply.yml`.
+
+The default branch therefore is `dev`, and the `main` branch is protected.
+When an infrastructure change is ready to be deployed, a pull request should be made from `dev` to `main`.
+
+## Contributing
+
+Please refer to the [Contributing Guide][contributing] before making a pull request.
+
+[contributing]: https://github.com/presentium/meta/blob/main/CONTRIBUTING.md

terraform/.terraform.lock.hcl

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-central-2"
+}