diff --git a/.github/workflows/cleanup-demo.yaml b/.github/workflows/cleanup-demo.yaml
new file mode 100644
index 0000000000..3e8e0a3e5c
--- /dev/null
+++ b/.github/workflows/cleanup-demo.yaml
@@ -0,0 +1,20 @@
+name: Demo Cleanup
+on:
+ pull_request:
+ types:
+ - closed
+permissions:
+ pull-requests: write
+ packages: write
+
+jobs:
+ cleanup:
+ name: Cleanup Demo
+ uses: canonical/webteam-devops/.github/workflows/cleanup-demo.yaml@demos
+ with:
+ juju-model-name: "795798e4-922f-49c7-9169-004ffc17df90@serviceaccount/k8s-marketplace-demos-default"
+ secrets:
+ demos_juju_client_id: ${{ secrets.DEMOS_JUJU_CLIENT_ID }}
+ demos_juju_client_secret: ${{ secrets.DEMOS_JUJU_CLIENT_SECRET }}
+ demos_s3_access_key_id: ${{ secrets.DEMOS_S3_ACCESS_KEY_ID }}
+ demos_s3_secret_access_key: ${{ secrets.DEMOS_S3_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/demo.yaml b/.github/workflows/demo.yaml
new file mode 100644
index 0000000000..0f588660ff
--- /dev/null
+++ b/.github/workflows/demo.yaml
@@ -0,0 +1,28 @@
+name: Demo
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+permissions:
+ pull-requests: write
+ packages: write
+
+# Ensure only one demo runs at a time.
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ deploy:
+ name: Deploy Demo
+ uses: canonical/webteam-devops/.github/workflows/start-demo.yaml@demos
+ with:
+ juju-model-name: "795798e4-922f-49c7-9169-004ffc17df90@serviceaccount/k8s-marketplace-demos-default"
+ juju-model-uuid: "b765a126-883d-440b-847d-0bd30a4f8318"
+ secrets:
+ demos_juju_client_id: ${{ secrets.DEMOS_JUJU_CLIENT_ID }}
+ demos_juju_client_secret: ${{ secrets.DEMOS_JUJU_CLIENT_SECRET }}
+ demos_s3_access_key_id: ${{ secrets.DEMOS_S3_ACCESS_KEY_ID }}
+ demos_s3_secret_access_key: ${{ secrets.DEMOS_S3_SECRET_ACCESS_KEY }}
diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml
index a3b8fb1944..899d2dc145 100644
--- a/charm/charmcraft.yaml
+++ b/charm/charmcraft.yaml
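Review bot: In `.github/workflows/cleanup-demo.yaml` the reusable workflow is referenced by a branch name, `uses: canonical/webteam-devops/.github/workflows/cleanup-demo.yaml@demos`, so whatever is on that branch at run time receives the Juju client secret and the S3 keys passed under `secrets:`. Pinning the reference to a full commit SHA, e.g. `uses: canonical/webteam-devops/.github/workflows/cleanup-demo.yaml@<full-commit-sha> # demos`, makes every change to the called workflow an explicit, reviewable bump. The same applies to the `start-demo.yaml@demos` reference in `.github/workflows/demo.yaml`. The workflow-level `packages: write` grant is also worth checking against what the cleanup job needs, which is not visible from this diff.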
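Review bot: The `deploy` job in `.github/workflows/demo.yaml` has no guard for pull requests from forks, where the `pull_request` event supplies no repository secrets and a read-only token, so the called workflow would presumably fail partway through with empty credentials. An explicit condition on the job, `if: github.event.pull_request.head.repo.full_name == github.repository`, documents that demos are only built for branches in this repository and avoids the noisy failure. It also preserves that intent if the trigger is ever changed to one that does expose secrets. Separately, the comment `# Ensure only one demo runs at a time.` reads as a global limit, while the group `${{ github.workflow }}-${{ github.ref }}` serialises runs per pull request; `# Allow only one demo deployment per pull request at a time.` would match the behaviour.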
@@ -30,11 +30,11 @@ config: marketo-client-id: description: "Marketo API client ID" - type: string + type: secret marketo-client-secret: description: "Marketo API client secret" - type: string + type: secret github-client-id: description: "GitHub OAuth application ID for prompting users for access to their repositories" @@ -42,19 +42,19 @@ config: github-client-secret: description: "GitHub OAuth application client secret for prompting users for access to their repositories" - type: string + type: secret github-snapcraft-user-token: description: "GitHub application token for automated builds" - type: string + type: secret github-snapcraft-bot-user-token: description: "GitHub application token for CVE data" - type: string + type: secret github-webhook-secret: description: "Secret salt used for signing automated build webhooks" - type: string + type: secret github-webhook-host-url: description: "URL of the automated build webhooks' host" @@ -66,19 +66,19 @@ config: lp-api-token: description: "Launchpad API token" - type: string + type: secret lp-api-token-secret: description: "Launchpad API secret" - type: string + type: secret youtube-api-key: description: "API key used to access the YouTube Data API for retrieving and displaying YouTube video content on snapcraft.io" - type: string + type: secret discourse-api-key: description: "API key used by the application to authenticate with the configured Discourse forum" - type: string + type: secret discourse-api-username: description: "Discourse username to associate with API requests to the Discourse forum" @@ -86,7 +86,7 @@ config: dns-verification-salt: description: "Secret salt used when generating DNS verification tokens to confirm domain ownership" - type: string + type: secret login-url: description: "Base URL for SSO login redirects" diff --git a/terraform/demo/demo.tf b/terraform/demo/demo.tf new file mode 100644 index 0000000000..20beb54d1a --- /dev/null +++ b/terraform/demo/demo.tf 
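Review bot: The options switched to `type: secret` in `charm/charmcraft.yaml` keep descriptions that read as if a literal value is expected, e.g. `description: "Launchpad API token"`, although after this change an operator has to pass a Juju secret ID and grant the application access to it. I would say so in each description, for example `description: "Juju secret holding the Launchpad API token"`, and name the key the charm expects inside the secret content. This applies to every changed option in the four hunks of this file (Marketo, GitHub, Launchpad, YouTube, Discourse and the DNS verification salt). Changing the type is presumably also a breaking change for deployments that currently set these options as plain strings, and the application code that reads them is not part of this diff, so both the upgrade path and the consuming code are worth confirming.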
@@ -0,0 +1,74 @@
+resource "juju_application" "demo" {
+ name = var.demo_id
+ model_uuid = data.juju_model.demos.uuid
+
+ charm {
+ name = "snapcraft-io"
+ }
+
+ config = {
+ bsi-url = "https://build.snapcraft.io"
+ devicegw-url = "https://api.snapcraft.io/"
+ discourse-api-key = "secret:${data.juju_secret.snapcraft_io-discourse_api_key.secret_id}"
+ discourse-api-username = "system"
+ dns-verification-salt = "secret:${data.juju_secret.snapcraft_io-dns_verification_salt.secret_id}"
+ environment = "production"
+ flask-preferred-url-scheme = "HTTPS"
+ flask-secret-key = "secret:${data.juju_secret.snapcraft_io-flask_secret_key.secret_id}"
+ github-client-id = "029a65c1d9dc821b0227"
+ github-client-secret = "secret:${data.juju_secret.snapcraft_io-github_client_secret.secret_id}"
+ github-snapcraft-bot-user-token = "secret:${data.juju_secret.snapcraft_io-github_snapcraft_bot_user_token.secret_id}"
+ github-snapcraft-user-token = "secret:${data.juju_secret.snapcraft_io-github_snapcraft_user_token.secret_id}"
+ github-webhook-host-url = "https://snapcraft.io/"
+ github-webhook-secret = "secret:${data.juju_secret.snapcraft_io-github_webhook_secret.secret_id}"
+ login-url = "https://login.ubuntu.com"
+ lp-api-token = "secret:${data.juju_secret.snapcraft_io-lp_api_token.secret_id}"
+ lp-api-token-secret = "secret:${data.juju_secret.snapcraft_io-lp_api_token_secret.secret_id}"
+ lp-api-username = "build.snapcraft.io"
+ marketo-client-id = "secret:${data.juju_secret.snapcraft_io-marketo_client_id.secret_id}"
+ marketo-client-secret = "secret:${data.juju_secret.snapcraft_io-marketo_client_secret.secret_id}"
+ publishergw-url = "https://api.charmhub.io"
+ report-sheet-url = "https://script.google.com/macros/s/AKfycbywNDNVeD4_xnE36HP7gJUbbLHNrrcxgy0yVuwr0poPfGoDnH0Vl1oOWjnRXNtLkrcmlQ/exec"
+ snapstore-dashboard-api-url = "https://dashboard.snapcraft.io/"
+ youtube-api-key = "secret:${data.juju_secret.snapcraft_io-youtube_api_key.secret_id}"
+ }
+}
+
+resource "juju_integration" "demo_ingress" {
+ model_uuid = data.juju_model.demos.uuid
+
+ application {
+ name = juju_application.demo.name
+ endpoint = "ingress"
+ }
+
+ application {
+ name = "subdomain-integrator"
+ endpoint = "ingress"
+ }
+}
+
+// Redis instance and relation
+
+resource "juju_application" "redis" {
+ name = "${var.demo_id}-redis"
+ model_uuid = data.juju_model.demos.uuid
+
+ charm {
+ name = "redis-k8s"
+ }
+}
+
+resource "juju_integration" "demo_redis" {
+ model_uuid = data.juju_model.demos.uuid
+
+ application {
+ name = juju_application.demo.name
+ endpoint = "redis"
+ }
+
+ application {
+ name = juju_application.redis.name
+ endpoint = "redis"
+ }
+}
diff --git a/terraform/demo/secrets.tf b/terraform/demo/secrets.tf
new file mode 100644
index 0000000000..5bc0b13025
--- /dev/null
+++ b/terraform/demo/secrets.tf
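Review bot: The per-pull-request application in `terraform/demo/demo.tf` is configured like the live site: `environment = "production"`, `github-webhook-host-url = "https://snapcraft.io/"`, and every `secret:` reference resolves to a shared `snapcraft_io-*` secret in the demos model. A demo runs code from an unmerged branch, so whatever those secrets hold becomes readable by a change pushed to a pull request before it has been reviewed; if they carry the production GitHub, Launchpad, Marketo or Discourse credentials (this cannot be told from the diff), demo-scoped credentials with reduced rights would limit the exposure. I would also set a non-production value for `environment` and add a comment above the `config` block stating which credentials the demo model is expected to hold. The `report-sheet-url` value is a script endpoint committed in plain text; if calling it needs no further authentication, consider passing it the same way as the other sensitive options.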
@@ -0,0 +1,191 @@
+// discourse-api-key
+data "juju_secret" "snapcraft_io-discourse_api_key" {
+ name = "snapcraft_io-discourse_api_key"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "discourse_api_key-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-discourse_api_key.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// dns-verification-salt
+data "juju_secret" "snapcraft_io-dns_verification_salt" {
+ name = "snapcraft_io-dns_verification_salt"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "dns_verification_salt-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-dns_verification_salt.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// flask-secret-key
+data "juju_secret" "snapcraft_io-flask_secret_key" {
+ name = "snapcraft_io-flask_secret_key"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "flask_secret_key-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-flask_secret_key.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// github-client-secret
+data "juju_secret" "snapcraft_io-github_client_secret" {
+ name = "snapcraft_io-github_client_secret"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "github_client_secret-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-github_client_secret.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// github-snapcraft-bot-user-token
+data "juju_secret" "snapcraft_io-github_snapcraft_bot_user_token" {
+ name = "snapcraft_io-github_snapcraft_bot_user_token"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "github_snapcraft_bot_user_token-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-github_snapcraft_bot_user_token.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// github-snapcraft-user-token
+data "juju_secret" "snapcraft_io-github_snapcraft_user_token" {
+ name = "snapcraft_io-github_snapcraft_user_token"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "github_snapcraft_user_token-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-github_snapcraft_user_token.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// github-webhook-secret
+data "juju_secret" "snapcraft_io-github_webhook_secret" {
+ name = "snapcraft_io-github_webhook_secret"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "github_webhook_secret-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-github_webhook_secret.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// lp-api-token
+data "juju_secret" "snapcraft_io-lp_api_token" {
+ name = "snapcraft_io-lp_api_token"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "lp_api_token-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-lp_api_token.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// lp-api-token-secret
+data "juju_secret" "snapcraft_io-lp_api_token_secret" {
+ name = "snapcraft_io-lp_api_token_secret"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "lp_api_token_secret-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-lp_api_token_secret.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// marketo-client-id
+data "juju_secret" "snapcraft_io-marketo_client_id" {
+ name = "snapcraft_io-marketo_client_id"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "marketo_client_id-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-marketo_client_id.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// marketo-client-secret
+data "juju_secret" "snapcraft_io-marketo_client_secret" {
+ name = "snapcraft_io-marketo_client_secret"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "marketo_client_secret-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-marketo_client_secret.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
+
+// youtube-api-key
+data "juju_secret" "snapcraft_io-youtube_api_key" {
+ name = "snapcraft_io-youtube_api_key"
+ model_uuid = data.juju_model.demos.uuid
+}
+
+resource "juju_access_secret" "youtube_api_key-access" {
+ model_uuid = data.juju_model.demos.uuid
+
+ secret_id = data.juju_secret.snapcraft_io-youtube_api_key.secret_id
+
+ applications = [
+ juju_application.demo.name
+ ]
+}
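Review bot: `terraform/demo/secrets.tf` repeats the same `data "juju_secret"` / `resource "juju_access_secret"` pair twelve times with only the secret name varying, so a copy-paste slip that grants access to the wrong `secret_id` would be easy to miss in review. Driving both blocks from one set with `for_each` keeps the list of secrets the demo may read in a single, auditable place. The references in `demo.tf` would then change form, e.g. `data.juju_secret.snapcraft_io["discourse_api_key"].secret_id`. Keeping `applications` limited to `juju_application.demo.name`, as the hunk already does, is the right scope for the grant.

```hcl
// Secrets the demo application is allowed to read, by suffix.
locals {
  demo_secret_names = toset([
    "discourse_api_key",
    "dns_verification_salt",
    "flask_secret_key",
    "github_client_secret",
    "github_snapcraft_bot_user_token",
    "github_snapcraft_user_token",
    "github_webhook_secret",
    "lp_api_token",
    "lp_api_token_secret",
    "marketo_client_id",
    "marketo_client_secret",
    "youtube_api_key",
  ])
}

data "juju_secret" "snapcraft_io" {
  for_each   = local.demo_secret_names
  name       = "snapcraft_io-${each.key}"
  model_uuid = data.juju_model.demos.uuid
}

// One grant per secret, scoped to the demo application only.
resource "juju_access_secret" "demo" {
  for_each     = data.juju_secret.snapcraft_io
  model_uuid   = data.juju_model.demos.uuid
  secret_id    = each.value.secret_id
  applications = [juju_application.demo.name]
}
```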