diff --git a/.gitignore b/.gitignore
index 3da1131..580b6d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,12 @@ Icon
 # Environment variables
 .env
+# Terraform
+.terraform/
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.lock.hcl
+
 # Files that might appear in the root of a volume
 .DocumentRevisions-V100
 .fseventsd
diff --git a/Makefile b/Makefile
index 5a1ea56..5383a68 100644
--- a/Makefile
+++ b/Makefile
@@ -151,4 +151,4 @@ clean: clean_build clean_docker
 .PHONY: deploy_gcp
 deploy_gcp:
- sh examples/cloud_run/deploy.sh
+ ./examples/cloud_run/deploy.sh
diff --git a/README.md b/README.md
index c00570e..9ef0ec4 100644
--- a/README.md
+++ b/README.md
@@ -5,9 +5,7 @@
 [![CI status](https://github.com/artefactory/github_tests_validator_app/actions/workflows/ci.yml/badge.svg?branch%3Amain&event%3Apush)](https://github.com/artefactory/github_tests_validator_app/actions/workflows/ci.yml?query=branch%3Amain)
 [![CD status](https://github.com/artefactory/github_tests_validator_app/actions/workflows/cd.yml/badge.svg?event%3Arelease)](https://github.com/artefactory/github_tests_validator_app/actions/workflows/cd.yml?query=event%3Arelease)
 [![Python Version](https://img.shields.io/badge/Python-3.9-informational.svg)](#supported-python-versions)
-[![Dependencies Status](https://img.shields.io/badge/dependabots-active-informational.svg)](https://github.com/artefactory/github_tests_validator_app}/pulls?utf8=%E2%9C%93&q=is%3Apr%20author%3Aapp%2Fdependabot)
-
-[![Releases](https://img.shields.io/badge/%F0%9F%9A%80-semantic%20versions-informational.svg)](https://github.com/artefactory/github_tests_validator_app/releases)
+[![Releases](https://img.shields.io/badge/%F0%9F%9A%80-releases-informational.svg)](https://github.com/artefactory/github_tests_validator_app/releases)
 `github_tests_validator_app` is a GitHub Application you can deploy on your own to retrieve test results from forked projects.
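Review bot: Ignoring `.terraform.lock.hcl` in the new Terraform block keeps the dependency lock file out of the repository, and that file is what records the selected provider versions and their checksums. Without it, each `terraform init` can resolve a different provider build, and nothing checks the download against a hash that was reviewed. I would drop that one line and commit the lock file next to `examples/cloud_run/main.tf`. The `.terraform/` and `terraform.tfstate*` entries are right to stay ignored, since state can contain secret values.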
diff --git a/examples/cloud_run/deploy.sh b/examples/cloud_run/deploy.sh
old mode 100644
new mode 100755
index b422644..e398d7b
--- a/examples/cloud_run/deploy.sh
+++ b/examples/cloud_run/deploy.sh
@@ -4,15 +4,15 @@ echo "Please specify GCP project ID : "
 read PROJECT_ID
 source .env
 gcloud config set project $PROJECT_ID
-gcloud auth application-default logins
+gcloud auth application-default login
 export TF_project_id=$PROJECT_ID
 terraform -chdir=examples/cloud_run apply -input=true
 set +o history
-gcloud secrets versions add GH_APP_ID $GH_APP_ID
-gcloud secrets versions add GH_APP_KEY $GH_APP_KEY
-gcloud secrets versions add GH_PAT $GH_PAT
-gcloud secrets versions add GH_TESTS_REPO_NAME $GH_TESTS_REPO_NAME
-gcloud secrets versions add GDRIVE_MAIN_DIRECTORY_NAME $GDRIVE_MAIN_DIRECTORY_NAME
-gcloud secrets versions add USER_SHARE $USER_SHARE
-gcloud secrets versions add LOGGING $LOGGING
+echo "$GH_APP_ID" | gcloud secrets versions add GH_APP_ID --data-file=-
+echo "$GH_APP_KEY" | gcloud secrets versions add GH_APP_KEY --data-file=-
+echo "$GH_PAT" | gcloud secrets versions add GH_PAT --data-file=-
+echo "$GH_TESTS_REPO_NAME" | gcloud secrets versions add GH_TESTS_REPO_NAME --data-file=-
+echo "$GDRIVE_MAIN_DIRECTORY_NAME" | gcloud secrets versions add GDRIVE_MAIN_DIRECTORY_NAME --data-file=-
+echo "$USER_SHARE" | gcloud secrets versions add USER_SHARE --data-file=-
+echo "$LOGGING" | gcloud secrets versions add LOGGING --data-file=-
 set -o history
diff --git a/examples/cloud_run/main.tf b/examples/cloud_run/main.tf
index a422437..e2ff464 100644
--- a/examples/cloud_run/main.tf
+++ b/examples/cloud_run/main.tf
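Review bot: The seven new `echo "$VAR" | gcloud secrets versions add ... --data-file=-` lines store each secret with a trailing newline, and some `echo` implementations also rewrite backslash sequences, so the stored `GH_PAT` or `GH_APP_KEY` can differ from the value in `.env`. `printf '%s' "$GH_PAT" | gcloud secrets versions add GH_PAT --data-file=-` writes the bytes unchanged. No `set -e` is visible in the hunk, so a failed `gcloud auth` or `terraform apply` would still go on to upload secrets to whatever project is active; the first three lines of the script are outside the hunk, so an earlier `set -e` cannot be ruled out. `set +o history` only affects an interactive shell and gives no protection when the script is run as `./examples/cloud_run/deploy.sh`.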
@@ -28,15 +28,55 @@ resource "google_project_service" "drive_api_service" {
 disable_dependent_services = true
 }
+resource "google_service_account" "service_account" {
+ project = "${var.project_id}"
+ account_id = "github-tests-validator-app"
+ display_name = "Service Account for Cloud Run that sends data to Google Drive"
+}
+
+resource "google_project_iam_binding" "service_account_user" {
+ project = "${var.project_id}"
+ role = "roles/iam.serviceAccountUser"
+
+ members = [
+ "serviceAccount:github-tests-validator-app@${var.project_id}.iam.gserviceaccount.com",
+ ]
+}
+
+resource "google_project_iam_binding" "run_admin" {
+ project = "${var.project_id}"
+ role = "roles/run.admin"
+
+ members = [
+ "serviceAccount:github-tests-validator-app@${var.project_id}.iam.gserviceaccount.com",
+ ]
+}
+
+resource "google_project_iam_binding" "secret_accessor" {
+ project = "${var.project_id}"
+ role = "roles/secretmanager.secretAccessor"
+
+ members = [
+ "serviceAccount:github-tests-validator-app@${var.project_id}.iam.gserviceaccount.com",
+ ]
+}
+
+resource "google_artifact_registry_repository" "github_test_validator_app_registry" {
+ location = "${var.region}"
+ repository_id = "github-app-registry"
+ description = "Docker repository to store the GitHub App docker image"
+ format = "DOCKER"
+}
+
 resource "google_cloud_run_service" "github_test_validator_app" {
 name = "github-test-validator-app"
 location = "${var.region}"
 template {
 spec {
 timeout_seconds = 300
- service_account_name = "github_tests_validator_app@${var.project_id}.iam.gserviceaccount.com"
+ service_account_name = "github-tests-validator-app@${var.project_id}.iam.gserviceaccount.com"
 containers {
- image = "ghcr.io/artefactory/github_tests_validator_app:latest"
+ image = "${var.region}-docker.pkg.dev/${var.project_id}/github-app-registry/github_tests_validator_app:latest"
 env {
 name = "GH_APP_ID"
 value_from {
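Review bot: The three `google_project_iam_binding` resources are authoritative for their role, so applying them replaces every existing member of `roles/iam.serviceAccountUser`, `roles/run.admin` and `roles/secretmanager.secretAccessor` in the project with this one service account. They also give the Cloud Run runtime identity project-wide `run.admin` and `serviceAccountUser`, far more than a service that, as far as this hunk shows, only reads secrets should hold; its full needs are not visible here. I would switch to non-authoritative `google_project_iam_member` grants, or per-secret `google_secret_manager_secret_iam_member`, and keep only the roles the runtime actually uses. Referencing `google_service_account.service_account.email` instead of rebuilding the address lets Terraform order creation correctly, and the image is better pinned by digest than by `:latest`. The `google_cloud_run_service` block continues past the end of the hunk.

```hcl
# … unchanged: google_service_account "service_account" …
resource "google_project_iam_member" "secret_accessor" {
  project = var.project_id
  role    = "roles/secretmanager.secretAccessor"
  member  = "serviceAccount:${google_service_account.service_account.email}"
}
# … unchanged: google_artifact_registry_repository, google_cloud_run_service …
```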
diff --git a/github_tests_validator_app/bin/github_app_backend.py b/github_tests_validator_app/bin/github_app_backend.py
index 4ba3225..a881bd0 100644
--- a/github_tests_validator_app/bin/github_app_backend.py
+++ b/github_tests_validator_app/bin/github_app_backend.py
@@ -24,7 +24,7 @@ async def main(request: Request) -> None:
 def launch_app():
 uvicorn.run(
 app,
- host="127.0.0.1",
+ host="0.0.0.0", # nosec B104
 port=cast(int, os.environ.get("PORT", 8080)),
 log_level="info",
 )
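Review bot: Hard-coding `host="0.0.0.0"` in `launch_app` makes the webhook endpoint listen on every interface wherever the app is started, not only inside the Cloud Run container, and `# nosec B104` silences Bandit without recording why. Reading the address from the environment keeps loopback as the default: `host=os.environ.get("HOST", "127.0.0.1"),  # container image sets HOST=0.0.0.0`. On the following line `cast(int, ...)` does no conversion at runtime, so a `PORT` value from the environment reaches uvicorn as a string; `port=int(os.environ.get("PORT", 8080)),` converts it explicitly.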