Merge pull request #2 from CS3219-AY2425S1/feat/setup

Feat: Setup

.env

@@ -0,0 +1,10 @@
+## Shared Environment Variables for the project
+GOOGLE_APPLICATION_CREDENTIALS=./secrets/gcp_credentials.json
+GCLOUD_PROJECT=cs3219-ay2425s1-project-g10
+GCLOUD_REGION=us-central1
+GCLOUD_ZONE=us-central1-c
+GCLOUD_REPOSITORY_ID=cs3219-ay2425s1-project-g10
+
+# Terraform backend variables
+TF_BACKEND_BUCKET_NAME=${GCLOUD_PROJECT}-tfstate
+

.github/actions/container_setup/action.yml

@@ -0,0 +1,22 @@
+name: Setup Action
+description: Set up environment, authenticate, and configure git for workflows under the kimyongbeom/peerprep-actions-runner container.
+
+runs:
+  using: composite
+  steps:
+    - name: Configure Git
+      shell: bash
+      run: |
+        git config --global --add safe.directory "$PWD"
+
+    - name: Decrypt Secret Files
+      shell: bash
+      run: |
+        mkdir -p ${XDG_CONFIG_HOME:-$HOME/.config}/sops/age
+        echo $AGE_SECRET_KEY > ${XDG_CONFIG_HOME:-$HOME/.config}/sops/age/keys.txt
+        /bin/bash ./scripts/secret.sh decrypt
+
+    - name: Authenticate to Google Cloud
+      shell: bash
+      run: |
+        make gcloud_auth

.github/workflows/cleanup_branch.yml

@@ -0,0 +1,46 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Branch Cleanup
+
+# Controls when the workflow will run
+on:
+  # On push @ branch
+  pull_request:
+    types: [closed]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  cleanup:
+    # Run only if PR is merged
+    if: github.event.pull_request.merged == true
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    container:
+      image: kimyongbeom/peerprep-actions-runner:latest
+      env:
+        AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      options: --privileged
+
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/container_setup
+
+      - name: Destroy Global Infrastructure
+        shell: bash
+        run: make destroy_infra
+
+      - name: Destroy Backend
+        shell: bash
+        run: cd backend && make destroy
+
+      - name: Destroy Frontend
+        shell: bash
+        run: . $NVM_DIR/nvm.sh && cd frontend && make destroy
+

.github/workflows/on_pr.yml

@@ -0,0 +1,34 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Checks on PRs
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  pull_request:
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  test:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    container:
+      image: kimyongbeom/peerprep-actions-runner:latest
+      env:
+        AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      options: --privileged
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/container_setup
+
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: echo Hello, world!

.github/workflows/on_push.yml

@@ -0,0 +1,61 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Actions on Push
+
+# Controls when the workflow will run
+on:
+  # On push @ branch
+  push:
+  # When branch is created
+  create:
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  deploy:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    container:
+      image: kimyongbeom/peerprep-actions-runner:latest
+      env:
+        AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      options: --privileged
+
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/container_setup
+
+      - name: Find Changed Files
+        uses: dorny/paths-filter@v3
+        id: changes
+        with:
+          filters: |
+            global_infra:
+              - 'tf/**'
+            frontend:
+              - 'frontend/**'
+            backend:
+              - 'backend/**'
+
+      - name: Deploy Global Infrastructure
+        shell: bash
+        if: ${{ github.event_name }} == 'create' || ${{ steps.changes.outputs.global_infra }} == 'true'
+        run: make deploy_infra
+
+      - name: Deploy Backend
+        if: ${{ github.event_name }} == 'create' || ${{ steps.changes.outputs.backend }} == 'true'
+        shell: bash
+        run: cd backend && make deploy
+
+      - name: Deploy Frontend
+        if: ${{ github.event_name }} == 'create' || ${{ steps.changes.outputs.frontend }} == 'true'
+        shell: bash
+        run: . $NVM_DIR/nvm.sh && cd frontend && make deploy
+

.github/workflows/pr_setup.yml

@@ -0,0 +1,50 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Setup Actions on new Pull Request
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  pull_request:
+      types: [opened, synchronize]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  test:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    container:
+      image: kimyongbeom/peerprep-actions-runner:latest
+      env:
+        AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      options: --privileged
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/container_setup
+      - name: Get all deployment URLs
+        id: urls
+        run: |
+          echo frontend=$(cd frontend && make url) >> $GITHUB_OUTPUT
+          echo backend=$(cd backend && make url) >> $GITHUB_OUTPUT
+        
+
+      - name: Add a comment to the pull request
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            Frontend URL: ${{ steps.urls.outputs.frontend }}
+            Backend URL: ${{ steps.urls.outputs.backend }}

.gitignore

@@ -0,0 +1,43 @@
+/google-cloud-sdk/
+/secrets/*
+# Encrypted secrets
+!*.enc
+
+# https://github.com/github/gitignore/blob/main/Terraform.gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

.sops.yaml

@@ -0,0 +1,9 @@
+## KEYS:
+# Yongbeom: age1c0fqjnprp4pzk8kx5y23mlkreu5z34v3tkrrwrcmf56cmu3zaf0q30sqfv
+# GH Actions Runner: age1g2yz8vzyyzmdsht3398da6nu3pgl54rkw5wuveqh5wfn23r2hy0qu6d4dw
+
+creation_rules:
+    # Note: must be comma separated
+    - age: >-
+        age1c0fqjnprp4pzk8kx5y23mlkreu5z34v3tkrrwrcmf56cmu3zaf0q30sqfv,
+        age1g2yz8vzyyzmdsht3398da6nu3pgl54rkw5wuveqh5wfn23r2hy0qu6d4dw

Makefile

@@ -0,0 +1,59 @@
+SHELL := /bin/bash
+MAKEFLAGS += --no-print-directory
+
+.PHONY: help gcloud_auth deploy_tf_backend destroy_tf_backend
+
+
+
+help: ## Display this help text
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[$$()% 0-9a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+
+urls: ## Get the URL endpoints of all deployed resources.
+	@echo "FRONTEND_URL: $$(cd frontend && $(MAKE) url)"
+	@echo "BACKEND_URL: $$(cd backend && $(MAKE) url)"
+
+##
+## Google Cloud CLI
+##
+
+gcloud_auth: ## Authenticate with gcloud
+	. source.sh && \
+		gcloud auth activate-service-account --key-file=$$GOOGLE_APPLICATION_CREDENTIALS && \
+		gcloud auth configure-docker $$GCLOUD_REGION-docker.pkg.dev --quiet
+
+##
+## Global Terraform Infrastructure
+##
+
+deploy_infra: ## Deploy Global OpenTofu/Terraform infrastructure
+	. source.sh && \
+		cd tf && \
+		tofu init && \
+		tofu workspace select -or-create $$TERRAFORM_WORKSPACE && \
+		tofu apply -auto-approve
+
+destroy_infra: ## Destroy Global OpenTofu/Terraform infrastructure
+	. source.sh && \
+		cd tf && \
+		tofu workspace select -or-create $$TERRAFORM_WORKSPACE && \
+		tofu destroy -auto-approve
+
+##
+## Terraform backend
+##
+
+deploy_tf_backend: ## Deploy the OpenTofu/Terraform backend to GCP
+	. source.sh && \
+		unset TF_WORKSPACE && \
+		cd tf_backend && \
+		tofu init && \
+		tofu apply -auto-approve \
+			-var="bucket_name=$$TF_BACKEND_BUCKET_NAME"
+
+destroy_tf_backend: ## Destroy the OpenTofu/Terraform backend on GCP
+	. source.sh && \
+		unset TF_WORKSPACE && \
+		cd tf_backend && \
+		tofu destroy -auto-approve \
+			-var="bucket_name=$$TF_BACKEND_BUCKET_NAME"

README.md

@@ -1,8 +1,45 @@
 [![Review Assignment Due Date](https://classroom.github.com/assets/deadline-readme-button-22041afd0340ce965d47ae6ef1cefeee28c7c493a6346c4f15d667ab976d596c.svg)](https://classroom.github.com/a/bzPrOe11)
 # CS3219 Project (PeerPrep) - AY2425S1
-## Group: Gxx
+## Group: G10
 
-### Note: 
-- You can choose to develop individual microservices within separate folders within this repository **OR** use individual repositories (all public) for each microservice. 
-- In the latter scenario, you should enable sub-modules on this GitHub classroom repository to manage the development/deployment **AND** add your mentor to the individual repositories as a collaborator. 
-- The teaching team should be given access to the repositories as we may require viewing the history of the repository in case of any disputes or disagreements. 
+## Dependencies
+| Thing                                            | Version |
+| ------------------------------------------------ | ------- |
+| [gcloud](https://cloud.google.com/sdk/gcloud)    |         |
+| [OpenTofu](https://github.com/opentofu/opentofu) | 1.8[^1] |
+| [sops](https://github.com/getsops/sops)          | 3.9     |
+| [age](https://github.com/FiloSottile/age)        | 1       |
+| Make                                             | 4       |
+| Bash                                             | 5       |
+
+
+## Directory Structure
+All direct subdirectories of the project base directory (with the following exceptions) are microservices.
+
+Additional information about some directories is provided below.
+### `scripts`
+Contains scripts for setting up the project.
+
+Usage:
+```
+# Generate a new age key for secret encryption.
+./scripts/generate_age_key.sh
+# Encrypt all secret files
+./scripts/secret.sh encrypt
+# Decrypt all secret files
+./scripts/secret.sh decrypt
+```
+### `secrets`
+Contains secrets for the project.
+
+### `tf_backend`
+Contains the Terraform configuration for the Terraform state backend. 
+For this project, the terraform backend is stored in a Google Cloud Storage bucket.
+
+### `{service}/tf`
+Contains the Terraform configuration for the service.
+
+Note that each service has its own Terraform configuration, and state.
+
+
+[^1]: OpenTofu 1.8.0 introduces [static variable evaluation](https://opentofu.org/blog/opentofu-1-8-0/), which we use for the project.