From e525f2ae9b53594261fa880dc6d86ef7e260dd4c Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Wed, 9 Nov 2022 10:21:04 -0500 Subject: [PATCH 1/3] Build caddy binary as part of the egress proxy deploy --- .github/actions/deploy-proxy/action.yml | 3 ++- deploy-config/egress_proxy/notify-api-staging.deploy.acl | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 deploy-config/egress_proxy/notify-api-staging.deploy.acl diff --git a/.github/actions/deploy-proxy/action.yml b/.github/actions/deploy-proxy/action.yml index 56e87080f..3f45217d5 100644 --- a/.github/actions/deploy-proxy/action.yml +++ b/.github/actions/deploy-proxy/action.yml @@ -26,8 +26,9 @@ runs: - name: Copy config files shell: bash run: cp ./deploy-config/egress_proxy/${{ inputs.app }}.*.acl ${{ steps.create-temp-dir.outputs.path }} - - name: Deploy proxy + - name: Build and deploy proxy shell: bash run: > cd ${{ steps.create-temp-dir.outputs.path }}; + make; ./bin/cf-deployproxy -a ${{ inputs.app }} -p egress-proxy -e egress_proxy diff --git a/deploy-config/egress_proxy/notify-api-staging.deploy.acl b/deploy-config/egress_proxy/notify-api-staging.deploy.acl new file mode 100644 index 000000000..8c15e6369 --- /dev/null +++ b/deploy-config/egress_proxy/notify-api-staging.deploy.acl @@ -0,0 +1 @@ +Update this file to force a re-deploy of the egress proxy even when notify-api-staging..acl haven't changed From ef0f3c5a4e191c03bc7a8ee8696c78c19464ad97 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Wed, 9 Nov 2022 10:21:49 -0500 Subject: [PATCH 2/3] Add Ryan and Steven to space-egress deployers for ease of debugging --- terraform/sandbox/main.tf | 3 ++- terraform/staging/main.tf | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/terraform/sandbox/main.tf b/terraform/sandbox/main.tf index fd1c4ced3..96e0338ab 100644 --- a/terraform/sandbox/main.tf +++ b/terraform/sandbox/main.tf @@ -63,6 +63,7 @@ module "egress-space" { cf_restricted_space_name = local.cf_space_name deployers = [ var.cf_user, - "ryan.ahearn@gsa.gov" + "ryan.ahearn@gsa.gov", + "steven.reilly@gsa.gov" ] } diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf index 6fca24d76..911e9d8b9 100644 --- a/terraform/staging/main.tf +++ b/terraform/staging/main.tf @@ -62,6 +62,8 @@ module "egress-space" { cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name deployers = [ - var.cf_user + var.cf_user, + "ryan.ahearn@gsa.gov", + "steven.reilly@gsa.gov" ] } From b54fa67f132dea9f15dfaeb63e532a984a344c9f Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Wed, 9 Nov 2022 10:22:02 -0500 Subject: [PATCH 3/3] Add egress-proxy module to demo and prod terraform --- terraform/demo/main.tf | 14 ++++++++++++++ terraform/production/main.tf | 12 ++++++++++++ 2 files changed, 26 insertions(+) diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf index d8d17cda9..cb703cf50 100644 --- a/terraform/demo/main.tf +++ b/terraform/demo/main.tf @@ -53,3 +53,17 @@ module "contact_list_bucket" { recursive_delete = local.recursive_delete s3_service_name = "${local.app_name}-contact-list-bucket-${local.env}" } + +module "egress-space" { + source = "../shared/egress_space" + + cf_user = var.cf_user + cf_password = var.cf_password + cf_org_name = local.cf_org_name + cf_restricted_space_name = local.cf_space_name + deployers = [ + var.cf_user, + "ryan.ahearn@gsa.gov", + "steven.reilly@gsa.gov" + ] +} diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 767b11197..e32610a37 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf @@ -54,6 +54,18 @@ module "contact_list_bucket" { s3_service_name = "${local.app_name}-contact-list-bucket-${local.env}" } +module "egress-space" { + source = "../shared/egress_space" + + cf_user = var.cf_user + cf_password = var.cf_password + cf_org_name = local.cf_org_name + cf_restricted_space_name = local.cf_space_name + deployers = [ + var.cf_user + ] +} + ########################################################################### # The following lines need to be commented out for the initial `terraform apply` # It can be re-enabled after: