Restructured project into submodules

Author: squidfunk

aws-cloudwatch/main.tf

@@ -0,0 +1,116 @@
+# Copyright (c) 2017 Martin Donath <martin.donath@squidfunk.com>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+# -----------------------------------------------------------------------------
+# Data: IAM
+# -----------------------------------------------------------------------------
+
+# data.template_file.lambda_iam_policy.rendered
+data "template_file" "lambda_iam_policy" {
+  template = "${file("${path.root}/aws-iam/policies/lambda.json")}"
+
+  vars {
+    bucket = "${var.bucket}"
+  }
+}
+
+# -----------------------------------------------------------------------------
+# Resources: IAM
+# -----------------------------------------------------------------------------
+
+# aws_iam_role.lambda
+resource "aws_iam_role" "lambda" {
+  name = "${var.namespace}-lambda-cloudwatch"
+  path = "/${var.namespace}/lambda/"
+
+  assume_role_policy = "${
+    file("${path.root}/aws-iam/policies/assume-role/lambda.json")
+  }"
+}
+
+# aws_iam_policy.lambda
+resource "aws_iam_policy" "lambda" {
+  name = "${var.namespace}-lambda-cloudwatch"
+  path = "/${var.namespace}/lambda/"
+
+  policy = "${data.template_file.lambda_iam_policy.rendered}"
+}
+
+# aws_iam_policy_attachment.lambda
+resource "aws_iam_policy_attachment" "lambda" {
+  name = "${var.namespace}-lambda-cloudwatch"
+
+  policy_arn = "${aws_iam_policy.lambda.arn}"
+  roles      = ["${aws_iam_role.lambda.id}"]
+}
+
+# -----------------------------------------------------------------------------
+# Resources: CloudWatch
+# -----------------------------------------------------------------------------
+
+# aws_cloudwatch_event_rule.status
+resource "aws_cloudwatch_event_rule" "status" {
+  name = "${var.namespace}-webhook-status"
+
+  event_pattern = "${
+    file("${path.root}/aws-cloudwatch/rules/codebuild.json")
+  }"
+}
+
+# aws_cloudwatch_event_target.status
+resource "aws_cloudwatch_event_target" "status" {
+  rule = "${aws_cloudwatch_event_rule.status.name}"
+  arn  = "${aws_lambda_function.status.arn}"
+}
+
+# -----------------------------------------------------------------------------
+# Resources: Lambda
+# -----------------------------------------------------------------------------
+
+# aws_lambda_function.status
+resource "aws_lambda_function" "status" {
+  function_name = "${var.namespace}-webhook-status"
+  role          = "${aws_iam_role.lambda.arn}"
+  runtime       = "nodejs6.10"
+  filename      = "${path.root}/aws-lambda/dist/status.zip"
+  handler       = "index.default"
+  timeout       = 10
+
+  source_code_hash = "${
+    base64sha256(file("${path.root}/aws-lambda/dist/status.zip"))
+  }"
+
+  environment {
+    variables = {
+      GITHUB_OAUTH_TOKEN = "${var.github_oauth_token}"
+      GITHUB_REPORTER    = "${var.github_reporter}"
+      CODEBUILD_BUCKET   = "${var.bucket}"
+    }
+  }
+}
+
+# aws_lambda_permission.status
+resource "aws_lambda_permission" "status" {
+  statement_id  = "AllowExecutionFromCloudWatch"
+  action        = "lambda:InvokeFunction"
+  function_name = "${aws_lambda_function.status.arn}"
+  principal     = "events.amazonaws.com"
+  source_arn    = "${aws_cloudwatch_event_rule.status.arn}"
+}

aws-cw/rules/codebuild.json renamed to aws-cloudwatch/rules/codebuild.json

@@ -0,0 +1,61 @@
+# Copyright (c) 2017 Martin Donath <martin.donath@squidfunk.com>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+# -----------------------------------------------------------------------------
+# Variables: General
+# -----------------------------------------------------------------------------
+
+# var.namespace
+variable "namespace" {
+  description = "AWS resource namespace/prefix"
+}
+
+# -----------------------------------------------------------------------------
+# Variables: GitHub
+# -----------------------------------------------------------------------------
+
+# var.github_owner
+variable "github_owner" {
+  description = "GitHub repository owner"
+}
+
+# var.github_repository
+variable "github_repository" {
+  description = "GitHub repository name"
+}
+
+# var.github_oauth_token
+variable "github_oauth_token" {
+  description = "GitHub OAuth token for repository access"
+}
+
+# var.github_reporter
+variable "github_reporter" {
+  description = "GitHub commit status reporter"
+}
+
+# -----------------------------------------------------------------------------
+# Variables: S3
+# -----------------------------------------------------------------------------
+
+# var.bucket
+variable "bucket" {
+  description = "S3 bucket"
+}

aws-cloudwatch/variables.tf

@@ -34,8 +34,7 @@ node_modules:
 
 # Build library for distribution
 dist: $(shell find src) .babelrc webpack.config.js
-	$(shell npm bin)/cross-env NODE_ENV=production \
-		$(shell npm bin)/webpack
+	$(shell npm bin)/webpack --env.prod
 
 # -----------------------------------------------------------------------------
 # Rules

aws-iam/policies/assume-role/codebuild-manager.json renamed to aws-iam/policies/assume-role/lambda.json

@@ -1,14 +1,8 @@
 {
-  "name": "terraform-aws-github-ci",
+  "name": "terraform-aws-github-ci-aws-lambda",
   "version": "0.0.0",
-  "description": "GitHub CI server using AWS CodeBuild",
-  "keywords": [
-    "aws",
-    "codepipeline",
-    "github",
-    "terraform",
-    "webhook"
-  ],
+  "description": "A GitHub CI server using AWS CodeBuild",
+  "keywords": [],
   "homepage": "https://github.com/squidfunk/terraform-aws-github-ci/",
   "bugs": {
     "url": "https://github.com/squidfunk/terraform-aws-github-ci/",

aws-iam/policies/codebuild-manager.json renamed to aws-iam/policies/lambda.json

@@ -37,7 +37,7 @@ const codebuild = new AWS.CodeBuild({ apiVersion: "2016-10-06" })
 /**
  * GitHub client
  *
- * @type {AWS.GitHub}
+ * @type {GitHub}
  */
 const github = new GitHub()
 if (process.env.GITHUB_OAUTH_TOKEN)