package main
import (
nativecdn "github.com/pulumi/pulumi-azure-native-sdk/cdn/v2"
"github.com/pulumi/pulumi-azure-native-sdk/resources/v2"
"github.com/pulumi/pulumi-azure-native-sdk/storage/v2"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/dns"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
// cfgKeys groups the Pulumi/env configuration inputs this program depends on.
// It is filled in by initConfigKeys (see main); the grouping below follows the
// external system each value refers to.
type cfgKeys struct {
	// Pulumi/env names.
	projectKey, envKey, siteKey string

	// Azure service values pulled in from projects external to this one (for now).
	thisAzureTenantId, dnsResourceGrp, dnsLookupZone, dnsRecordTTL, cdnAzureId string
	// The key vault can live elsewhere, so it carries its own subscription
	// and resource group rather than reusing the ones above.
	kvAzureSubscription, kvAzureResourceGrp, kvAzureName string

	// GitHub service values pulled in from projects external to this one.
	ghAppSrcRepo string
}
// svcPrincipals holds the service principals this stack creates.
type svcPrincipals struct {
	// cicd is the principal used by the CI/CD process (content upload and CDN
	// cache invalidation, per the comment in main). ServicePrincipalEnvelope is
	// declared elsewhere in this package; its secret is exported to the GitHub
	// repo by exportDeployEnvDataToGitHubRepo, so treat this field as sensitive.
	cicd ServicePrincipalEnvelope
}
// dnsRecords holds the DNS records created for the site. Which of the two is
// populated depends on the environment (createDnsRecordByEnv in main).
type dnsRecords struct {
	a     *dns.ARecord     // A record, when the env maps the apex/host to an address
	cname *dns.CNameRecord // CNAME record, when the env aliases the host instead
}
// projectResources is the shared state threaded through every step in main:
// the Pulumi context/config plus each Azure resource as it is created, so
// later steps (CDN, DNS, TLS, CI/CD export) can refer to earlier ones.
type projectResources struct {
	pulumiCtx *pulumi.Context // the context handed to pulumi.Run
	cfg       *config.Config  // config.New(ctx, "") — the stack's own config namespace
	cfgKeys   cfgKeys         // populated by initConfigKeys
	// Azure service values for top-level Subscription
	thisAzureSubscription *core.LookupSubscriptionResult
	svcPrincipals         svcPrincipals
	dnsRecords            dnsRecords
	webResourceGrp        *resources.ResourceGroup // presumably set by createResourceGroup
	webStorageAccount     *storage.StorageAccount  // presumably set by newStorageAccount
	// Storage Account static-website URL with the leading 'https://' and
	// trailing '/' stripped (stripWebStorageEndPointUrl in main).
	webStaticEp   pulumi.StringOutput
	webCdnProfile *nativecdn.Profile  // presumably set by createCdnProfile
	webCdnEp      *nativecdn.Endpoint // presumably set by createCdnEndpoint
	webDnsZone    *dns.LookupZoneResult // zone looked up in the external DNS resource group (lookupDnsZone)
	webFqdn       pulumi.StringOutput   // NOTE(review): which step sets this is not visible here — confirm
}
// Environment names as they appear in the stack configuration; presumably the
// env-dependent DNS and TLS steps in main branch on these.
const (
	PROD = "prod"
	DEV  = "dev"
)
// main is the Pulumi program entry point. It builds the static-site stack in a
// fixed order — config, resource group, storage, static hosting, CDN, DNS, TLS,
// CI/CD service principal, GitHub export — and stops at the first step that
// reports an error, handing that error back to pulumi.Run.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Shared state for every step below.
		pr := projectResources{
			pulumiCtx: ctx,
			cfg:       config.New(ctx, ""),
		}

		// Each closure calls its method at run time (not when this slice is
		// built), so pr is read exactly as a plain sequence of calls would.
		steps := []func() error{
			// Config keys from the Pulumi key:values set per project/env.
			func() error { return pr.initConfigKeys() },
			// Azure Resource Group.
			func() error { return pr.createResourceGroup() },
			// Azure Storage Account that hosts the site.
			func() error { return pr.newStorageAccount() },
			// Static web hosting on that Storage Account.
			func() error { return pr.enableStaticWebHostOnStorageAccount() },
			// Static-website URL with the leading 'https://' and trailing '/'
			// stripped; cannot fail, so it always reports nil.
			func() error {
				pr.webStaticEp = stripWebStorageEndPointUrl(pr.webStorageAccount)
				return nil
			},
			// CDN Profile used by the endpoint(s).
			func() error { return pr.createCdnProfile() },
			// CDN Endpoint on the profile just created.
			func() error { return pr.createCdnEndpoint() },
			// DNS zone lookup in the external resource group named by stack config.
			func() error { return pr.lookupDnsZone() },
			// Domain records, chosen per environment.
			func() error { return pr.createDnsRecordByEnv() },
			// TLS termination, chosen per environment and custom-domain type.
			func() error { return pr.setupTlsTermination() },
			// Service Principal used by CI/CD (content upload, CDN cache invalidation).
			func() error { return pr.generateCICDServicePrincipal() },
			// Service principal secret/id, CDN profile/endpoint, resource group and
			// storage account pushed to the GitHub repo's Deployment secrets/vars
			// for the Actions-based gitops flow.
			// NOTE(review): the principal's secret crosses into GitHub here —
			// confirm it is carried as a Pulumi secret output so it is not
			// recorded in plaintext in stack state or CLI output.
			func() error { return pr.exportDeployEnvDataToGitHubRepo() },
		}

		for _, step := range steps {
			if err := step(); err != nil {
				return err
			}
		}
		return nil
	})
}