init

2026-02-18 01:05:05 +01:00
commit 490fad15c6
19 changed files with 558 additions and 0 deletions
--- a/aws_runner/aws.tf
+++ b/aws_runner/aws.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+    region = "eu-central-1"
+}
--- a/aws_runner/backend.tf
+++ b/aws_runner/backend.tf
@@ -0,0 +1,7 @@
+terraform {
+    backend "s3" {
+        bucket = "company-s3-tfstate-bucket-eu-central-1"
+        region = "eu-central-1"
+        key = "s3-prod-mybucket-python-testing-1234999"
+}
+}
--- a/aws_runner/main.yml
+++ b/aws_runner/main.yml
@@ -0,0 +1,71 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: [self-hosted, linux]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.12' 
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+  test:
+    runs-on: [self-hosted, linux]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Run tests
+        run: |
+          pytest tests/unit -n auto --junitxml=reports/unit.xml --cov=app --cov-report=xml:reports/coverage.xml
+          pytest tests/integration --junitxml=reports/integration.xml
+          pytest tests/e2e --junitxml=reports/e2e.xml
+
+  deploy:
+    runs-on: [self-hosted, linux]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Deploy to AWS (Example with AWS CLI)
+        run: |
+          aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws configure set region us-east-1
+          aws s3 cp ./build/ s3://my-bucket-name/ --recursive
--- a/aws_runner/roles.tf
+++ b/aws_runner/roles.tf
@@ -0,0 +1,40 @@
+resource "aws_iam_role" "github_runner_role" {
+  name               = "github-runner-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect    = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+        Action    = "sts:AssumeRole"
+      },
+    ]
+  })
+}
+
+resource "aws_iam_policy" "github_runner_policy" {
+  name        = "github-runner-policy"
+  description = "Policy for GitHub Self-Hosted Runner EC2 instances"
+  policy      = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect   = "Allow"
+        Action   = [
+          "s3:ListBucket",
+          "s3:GetObject",
+          "ec2:DescribeInstances",
+          "ec2:DescribeVolumes"
+        ]
+        Resource = "*"
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "github_runner_policy_attachment" {
+  role       = aws_iam_role.github_runner_role.name
+  policy_arn = aws_iam_policy.github_runner_policy.arn
+}
--- a/aws_runner/runner.tf
+++ b/aws_runner/runner.tf
@@ -0,0 +1,27 @@
+resource "aws_security_group" "github_runner_sg" {
+  name        = "github-runner-sg"
+  description = "Security group for GitHub self-hosted runners"
+}
+
+resource "aws_instance" "github_runner" {
+  ami           = "ami-07d3c3e2c1184609e"  
+  instance_type = "t3.medium"
+  key_name      = "dummy-keypair"
+  security_groups = [
+    aws_security_group.github_runner_sg.name
+  ]
+  iam_instance_profile = aws_iam_instance_profile.github_runner_instance_profile.name
+  user_data = <<-EOF
+              #!/bin/bash
+              curl -o actions-runner.tar.gz -L https://github.com/actions/runner/releases/download/v2.297.0/actions-runner-linux-x64-2.297.0.tar.gz
+              tar xzf ./actions-runner.tar.gz
+              ./config.sh --url https://github.com/your-org/your-repo --token GITHUB_TOKEN
+              sudo ./svc.sh install
+              sudo ./svc.sh start
+              EOF
+}
+
+resource "aws_iam_instance_profile" "github_runner_instance_profile" {
+  name = "github-runner-instance-profile"
+  role = aws_iam_role.github_runner_role.name
+}
--- a/aws_runner/sg.tf
+++ b/aws_runner/sg.tf
@@ -0,0 +1,16 @@
+resource "aws_security_group" "github_runner_sg" {
+  name        = "github-runner-sg"
+  description = "Security group for GitHub self-hosted runners"
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}