Copy `env.sample` to `.env` and edit the values to use your password/secret manager to populate the environment variables.
Source your secrets.
$ source .env
Initialize Terraform.
$ terraform init
Apply changes.
$ terraform apply
Format your Terraform code before pushing.
$ terraform fmt
TODO Provide a script to make the manual steps 1) download 2) run script.
Follow these steps to update `sites.csv`.
- Download the GSA Website Inventory as a CSV.
- Filter the list to rows where Production Status != Decommissioned and Sub-Office starts with "TTS*".
- Copy the first column (list of domains) into `sites.csv`.
The first time you set up this project, you'll need to create the Terraform backend and set up CI.
This assumes you'll be using an S3 bucket with DynamoDB for locking.
Create the bucket in S3 and ensure "Block all public access" is checked.
Create the DynamoDB table.
Create an IAM user with the following permissions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::tts-newrelic-terraform"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::tts-newrelic-terraform/production/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:DeleteItem"
      ],
      "Resource": "arn:aws:dynamodb:*:*:table/newrelic-terraform-state-lock"
    }
  ]
}
```
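A way to check how tightly the policy above is scoped, as an added example that is not part of this project: a simplified evaluator (Allow statements only; no Deny, Condition or NotAction handling) that replays state and lock requests against the policy and lists Resource patterns that leave the region or account field open. The state key `production/terraform.tfstate`, the region and the account ID are constructed sample values.

```python
import json
from fnmatch import fnmatchcase

# The policy from this README, embedded so the example runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:ListBucket",
   "Resource": "arn:aws:s3:::tts-newrelic-terraform"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
   "Resource": "arn:aws:s3:::tts-newrelic-terraform/production/*"},
  {"Effect": "Allow",
   "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"],
   "Resource": "arn:aws:dynamodb:*:*:table/newrelic-terraform-state-lock"}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified check: True if any Allow statement matches action and resource."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

def wildcard_resources(policy):
    """Resource patterns with '*' in an ARN field before the resource part."""
    # ARN fields: arn, partition, service, region, account, resource
    return [r for s in _as_list(policy["Statement"]) for r in _as_list(s["Resource"])
            if "*" in r.split(":", 5)[:5]]

if __name__ == "__main__":
    bucket = "arn:aws:s3:::tts-newrelic-terraform"
    # Constructed region and account ID, for illustration only.
    table = "arn:aws:dynamodb:us-east-1:111111111111:table/newrelic-terraform-state-lock"
    checks = [("s3:GetObject", bucket + "/production/terraform.tfstate"),
              ("s3:PutObject", bucket + "/staging/terraform.tfstate"),
              ("s3:DeleteObject", bucket + "/production/terraform.tfstate"),
              ("dynamodb:DeleteItem", table), ("dynamodb:Scan", table)]
    for action, resource in checks:
        verdict = "ALLOW" if is_allowed(POLICY, action, resource) else "DENY "
        print(verdict, action, resource)
    print("open ARN fields:", wildcard_resources(POLICY))
```

The only pattern reported is the DynamoDB ARN, whose region and account fields are `*`; pinning both to the values where the lock table lives narrows the grant to that one table.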
Add these secrets for use in GitHub Actions.
Secret | Description |
---|---|
AWS_ACCESS_KEY_ID | AWS access key ID for accessing the S3+DynamoDB Terraform state. |
AWS_SECRET_ACCESS_KEY | AWS secret key for accessing the S3+DynamoDB Terraform state. |
NEW_RELIC_API_KEY | New Relic API key. |
NEW_RELIC_ACCOUNT_ID | New Relic account ID. |
To enforce the workflow, you should enable protected branches for the `main` branch configured with these options:
- Require pull request reviews before merging
- Dismiss stale pull request approvals when new commits are pushed
- Require status checks to pass before merging (build, plan)
- Require branches to be up to date before merging
- Include administrators
This project is in the worldwide public domain. As stated in CONTRIBUTING:
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.