From eae15e17edff8c63de19c9686ef8621e2c73464c Mon Sep 17 00:00:00 2001
From: Wellyson Freitas
Date: Wed, 13 Mar 2024 22:07:10 +0100
Subject: [PATCH] Initial setup
---
.github/workflows/rds.yml | 66 +++++++++++++++++++++++++++++++
.gitignore | 79 ++++++++++++++++++++++++++++++++++++++
terraform/providers.tf | 18 +++++++++
terraform/rds.tf | 34 ++++++++++++++++
terraform/terraform.tfvars | 7 ++++
terraform/variables.tf | 11 ++++++
6 files changed, 215 insertions(+)
create mode 100644 .github/workflows/rds.yml
create mode 100644 .gitignore
create mode 100644 terraform/providers.tf
create mode 100644 terraform/rds.tf
create mode 100644 terraform/terraform.tfvars
create mode 100644 terraform/variables.tf
diff --git a/.github/workflows/rds.yml b/.github/workflows/rds.yml
new file mode 100644
index 0000000..dafb901
--- /dev/null
+++ b/.github/workflows/rds.yml
@@ -0,0 +1,66 @@
+name: "RDS"
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - .github/workflows/rds.yml
+ - 'terraform/**'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - .github/workflows/rds.yml
+ - 'terraform/**'
+
+jobs:
+ rds:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./terraform
+ permissions:
+ id-token: write
+ contents: read
+ pull-requests: write
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::202062340677:role/TechChallengeInfraDeployer
+ aws-region: ${{ vars.AWS_REGION }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_CLOUD_USER_API_TOKEN }}
+
+ - name: Terraform fmt
+ id: fmt
+ run: terraform fmt -check
+ continue-on-error: true
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate
+
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan
+
+ - name: Check Errors
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..110ed87
--- /dev/null
+++ b/.gitignore
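Review bot: In `.github/workflows/rds.yml` the `Configure AWS Credentials` step assumes `TechChallengeInfraDeployer` on `pull_request` runs as well as on pushes to `main`, so `terraform plan` evaluates unmerged branch code while holding deploy-capable credentials. Unless the role's trust policy (not visible here) already restricts the OIDC `sub` claim to `refs/heads/main`, use a separate read-only plan role for pull requests and keep the deployer role for the `push` path only. `pull-requests: write` is granted but no step in this workflow uses it, so the permissions block can shrink to `id-token: write` and `contents: read`. The `cli_config_credentials_token` input also hands a Terraform Cloud token to a job whose backend is S3 in `terraform/providers.tf`; if nothing consumes it, remove the input. The `Check Errors` step appears to be dead code, since a failed `Terraform Plan` without `continue-on-error` already stops the job.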
@@ -0,0 +1,79 @@
+# JETBRAINS
+
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn. Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
diff --git a/terraform/providers.tf b/terraform/providers.tf
new file mode 100644
index 0000000..94246ad
--- /dev/null
+++ b/terraform/providers.tf
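Review bot: The ignore list in `.gitignore` covers only JetBrains files, while the same commit adds a Terraform project whose local artifacts are not excluded. Terraform state records `random_password.master.result` in cleartext, so a locally produced `terraform.tfstate` or a cached `.terraform/` directory could be committed by accident. Add `.terraform/`, `*.tfstate` and `*.tfstate.*` to the list, and consider `crash.log` as well.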
@@ -0,0 +1,18 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0.0"
+ }
+ }
+
+ backend "s3" {
+ bucket = "fiap-3soat-g15-infra-database-rds-state"
+ key = "live/terraform.tfstate"
+ region = "sa-east-1"
+ }
+}
+
+provider "aws" {
+ region = var.region
+}
diff --git a/terraform/rds.tf b/terraform/rds.tf
new file mode 100644
index 0000000..38fa5da
--- /dev/null
+++ b/terraform/rds.tf
@@ -0,0 +1,34 @@
+resource "aws_db_instance" "default" {
+ allocated_storage = 10
+ db_name = "selfordermanagement"
+ engine = "postgres"
+ engine_version = "16.0"
+ instance_class = "db.t3.micro"
+ parameter_group_name = "default.postgres16"
+ skip_final_snapshot = true
+ username = "admin"
+ password = data.aws_secretsmanager_secret_version.password
+}
+
+resource "random_password" "master" {
+ length = 16
+ special = true
+ override_special = "_!%^"
+}
+
+resource "aws_secretsmanager_secret" "password" {
+ name = "self-order-management-db-password"
+}
+
+resource "aws_secretsmanager_secret_version" "password" {
+ secret_id = aws_secretsmanager_secret.password.id
+ secret_string = random_password.master.result
+}
+
+data "aws_secretsmanager_secret" "password" {
+ name = "self-order-management-db-password"
+}
+
+data "aws_secretsmanager_secret_version" "password" {
+ secret_id = data.aws_secretsmanager_secret.password
+}
diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
new file mode 100644
index 0000000..a3c4b67
--- /dev/null
+++ b/terraform/terraform.tfvars
@@ -0,0 +1,7 @@
+region = "sa-east-1"
+
+tags = {
+ managed_by_terraform = true
+}
+
+account_id = "202062340677"
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..0a98dcb
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,11 @@
+variable "region" {
+ type = string
+}
+
+variable "tags" {
+ type = map(string)
+}
+
+variable "account_id" {
+ type = string
+}
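Review bot: The `backend "s3"` block in `terraform/providers.tf` sets neither `encrypt` nor any state locking, and this state will hold the generated database password from `terraform/rds.tf` in cleartext. Add `encrypt = true` and a lock such as `dynamodb_table = "<LOCK_TABLE_NAME>"` (placeholder) so that overlapping workflow runs cannot corrupt the state. Bucket-level encryption, versioning and public-access blocking are not visible in this commit and should be confirmed on the bucket itself. `random_password` is used in `terraform/rds.tf` but `hashicorp/random` is not listed under `required_providers`, so its version is unpinned.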
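Review bot: In `terraform/rds.tf` the `password` argument of `aws_db_instance.default` is set to the whole `data.aws_secretsmanager_secret_version.password` object instead of its `secret_string`, and `secret_id = data.aws_secretsmanager_secret.password` likewise lacks `.id`, so the configuration should fail type checking. The two `data` blocks also look up a secret that this same configuration creates, which cannot resolve on a first apply. Reference the managed value directly with `password = random_password.master.result` and delete both `data` blocks, or set `manage_master_user_password = true` so the password never enters Terraform state. As far as I know `admin` is a reserved master username for the RDS PostgreSQL engine, so `username = "admin"` is likely to be rejected at creation. The instance also omits `storage_encrypted = true`, and `skip_final_snapshot = true` with no backup settings means a destroy discards the data.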