diff --git a/.github/workflows/show-terraform-state.yml b/.github/workflows/show-terraform-state.yml
new file mode 100644
index 00000000..baa5d7a5
--- /dev/null
+++ b/.github/workflows/show-terraform-state.yml
@@ -0,0 +1,83 @@
+name: Show Terraform State
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ type: choice
+ description: Environment to show state for
+ options:
+ - staging
+ - production
+
+jobs:
+ show-state:
+ name: Show Terraform state for ${{ github.event.inputs.environment }}
+ runs-on: ubuntu-latest
+ environment: ${{ github.event.inputs.environment }}
+ env:
+ TF_VAR_AWS_REGION: ${{ vars.AWS_REGION }}
+ TF_VAR_APP_NAME: ${{ vars.APP_NAME }}
+ TF_VAR_APP_ENVIRONMENT: ${{ github.event.inputs.environment }}
+ #Database
+ TF_VAR_DATALAYER_PG_USER: ${{ secrets.DATALAYER_PG_USER }}
+ TF_VAR_DATALAYER_PG_PASSWORD: ${{ secrets.DATALAYER_PG_PASSWORD }}
+ #Hasura API
+ TF_VAR_GREEN_DATALAYER_HASURA_ADMIN_SECRET: ${{ secrets.DATALAYER_HASURA_ADMIN_SECRET }}
+ TF_VAR_BLUE_DATALAYER_HASURA_ADMIN_SECRET: ${{ secrets.DATALAYER_HASURA_ADMIN_SECRET }}
+ #Coingecko API
+ TF_VAR_GREEN_COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
+ TF_VAR_BLUE_COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
+ steps:
+ - name: Check out github repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Check if user is an admin
+ uses: ./.github/actions/check-admin
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: ${{ vars.TERRAFORM_VERSION }}
+ terraform_wrapper: false
+
+ - name: Set up AWS CLI
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.AWS_REGION }}
+
+ - name: Terraform Init
+ working-directory: deployment/environments/${{github.event.inputs.environment}}
+ run: |
+ terraform init \
+ -backend-config="bucket=${{ vars.APP_NAME }}-terraform-state" \
+ -backend-config="key=${{ vars.APP_NAME }}-${{github.event.inputs.environment}}-state" \
+ -backend-config="region=${{ vars.AWS_REGION }}" \
+
-backend-config="encrypt=true" + + - name: Show Terraform State + working-directory: deployment/environments/${{github.event.inputs.environment}} + run: | + echo "=== Terraform State Information ===" + echo "Current State:" + terraform show + + echo -e "\n=== Terraform Outputs ===" + terraform output + + echo -e "\n=== RDS Connection Information ===" + echo "RDS Endpoint: $(terraform output -raw rds_endpoint)" + echo "Connection String: postgresql://${{ secrets.DATALAYER_PG_USER }}:${{ secrets.DATALAYER_PG_PASSWORD }}@$(terraform output -raw rds_endpoint)/GitcoinDatalayer{{Green|Blue}}" + + echo -e "\n=== Current Deployment State ===" + echo "Deployment State: $(terraform output -raw deployment_state)" + echo "Active Deployment: $(terraform output -raw active_deployment)" + + echo -e "\n=== API Gateway Information ===" + echo "API Gateway URL: $(terraform output -raw api_gateway_url)" \ No newline at end of file diff --git a/.github/workflows/upgrade-current-deployment-infra.yml b/.github/workflows/upgrade-current-deployment-infra.yml index 453bacdd..637d84de 100644 --- a/.github/workflows/upgrade-current-deployment-infra.yml +++ b/.github/workflows/upgrade-current-deployment-infra.yml @@ -76,5 +76,11 @@ jobs: echo "Deployment state: $deployment_state" echo "Active deployment: $active_deployment" terraform apply -var-file=tfvars.json -auto-approve -var="DEPLOYMENT_STATE=$deployment_state" -var="ACTIVE_DEPLOYMENT=$active_deployment" + + # Display RDS connection information + echo "=== RDS Connection Information ===" + echo "RDS Endpoint: $(terraform output -raw rds_endpoint)" + echo "Connection String: postgresql://${{ secrets.DATALAYER_PG_USER }}:${{ secrets.DATALAYER_PG_PASSWORD }}@$(terraform output -raw rds_endpoint)/GitcoinDatalayer{{Green|Blue}}" + env: TERRAFORM_VARS: ${{ vars.TERRAFORM_VARS }} diff --git a/deployment/environments/staging/outputs.tf b/deployment/environments/staging/outputs.tf index e8836069..8f126e86 100644 
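Review bot: The `Show Terraform State` step writes database credentials and state contents to the job log: the `Connection String` echo expands `secrets.DATALAYER_PG_USER` and `secrets.DATALAYER_PG_PASSWORD`, and `terraform show` / `terraform output` print every value that is not marked sensitive. Log masking only matches the exact secret string, so it should not be relied on as the control here; the same echo is added to `upgrade-current-deployment-infra.yml` in the next hunk. I would drop the connection-string line in both places and print only named non-secret outputs, keeping for example `echo "RDS Endpoint: $(terraform output -raw rds_endpoint)"`. Because `${{ secrets.* }}` is pasted into the script text before the shell parses it, a password containing `$`, a backtick or `"` would also be interpreted by the shell; if a secret must reach a script, pass it through `env:` and reference the variable. The `{{Green|Blue}}` suffix is printed literally as written.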
--- a/deployment/environments/staging/outputs.tf +++ b/deployment/environments/staging/outputs.tf @@ -9,3 +9,7 @@ output "deployment_state" { output "api_gateway_url" { value = module.api_gateway.api_gateway_url } + +output "rds_endpoint" { + value = module.storage.rds_endpoint +} \ No newline at end of file diff --git a/deployment/modules/networking/main.tf b/deployment/modules/networking/main.tf index ca88d43c..b8dcc49b 100644 --- a/deployment/modules/networking/main.tf +++ b/deployment/modules/networking/main.tf @@ -71,6 +71,14 @@ resource "aws_security_group" "rds" { cidr_blocks = module.vpc.public_subnets_cidr_blocks # Allow access from public subnets } + # Allow access from anywhere (0.0.0.0/0) + ingress { + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + egress { from_port = 0 to_port = 0 diff --git a/deployment/modules/storage/main.tf b/deployment/modules/storage/main.tf index 211e2bd5..07afa06b 100644 --- a/deployment/modules/storage/main.tf +++ b/deployment/modules/storage/main.tf @@ -23,7 +23,7 @@ module "rds" { maintenance_window = "Mon:00:00-Mon:03:00" - publicly_accessible = false + publicly_accessible = true storage_encrypted = true
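Review bot: The `rds_endpoint` output is added only under `deployment/environments/staging`, while the new workflow also offers `production` and runs `terraform output -raw rds_endpoint` in `deployment/environments/production`. Unless that environment already declares the output (not visible in this diff), the command will error there and the log will show an empty endpoint. I would add the same output to the production `outputs.tf` and give both a `description`, e.g. `description = "Hostname and port of the datalayer RDS instance"`.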
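Review bot: The new `ingress` rule on `aws_security_group.rds` opens port 5432 to `0.0.0.0/0`, and the `deployment/modules/storage/main.tf` hunk below flips `publicly_accessible` to `true`, so together they put the Postgres instance on the public internet with password authentication as the only barrier. Both changes are in shared modules, so they presumably apply to every environment that uses them, production included. I would keep `publicly_accessible = false` and remove this rule; if access from outside the VPC is really needed, scope it to known addresses with something like `cidr_blocks = var.db_admin_cidr_blocks` (a new variable, not in this diff) or reach the database through a bastion or port-forwarding session instead. The enclosing `resource` block starts and ends outside the hunk.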