Migrate to using Terraform Deployment (#46)

* Add Terraform project to create ECR repositories in the operations account
* Add Terraform project to create the ECS service and other resources
* Update Travis-CI configuration to deploy using Terraform
* Update documentation

Author: bhavikkumar

.gitignore

@@ -1,3 +1,15 @@
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
+
+# Crash logs
+crash.log
 
 # Created by https://www.gitignore.io/api/java,gradle,eclipse,netbeans,intellij
 

.travis.yml

@@ -4,18 +4,30 @@
 [![Known Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=spring-boot-java-base&metric=vulnerabilities)](https://sonarcloud.io/api/project_badges/measure?project=spring-boot-java-base&metric=vulnerabilities)
 # Spring Boot Java Base
 
-## How tos
+## Build & Test
+
+This project uses gradle and uses the default tasks to compile and run unit tests. 
 
-### Build & Test
 ```bash
 ./gradlew clean assemble check
 ```
 
-### How to: Build and run locally on Docker
-1. `./gradlew clean assemble check docker`
-2. `docker run -e SPRING_PROFILES_ACTIVE=localhost -p 8080:8080 -i -t spring-boot-java-base`
+### Build and run locally on Docker
+1. Build the docker container
+```bash
+./gradlew clean assemble check docker
+```
+2. Run the docker container 
+```bash
+docker run -e SPRING_PROFILES_ACTIVE=localhost -p 8080:8080 -i -t spring-boot-java-base
+```
+
+### Build production equivalent container
+```bash
+./gradlew clean assemble check docker dockerTag -PTAG=$(git rev-parse --verify HEAD --short) -PREPOSITORY_URI=${DOCKER_REPO}${IMAGE_NAME}
+```
 
-#### Debug / Profiling
+### Profiling
 To debug the container locally, the `JAVA_OPTS` environment variable can be provided when running the container.
 ```bash
 docker run -p 8080:8080 -i -t -e JAVA_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" spring-boot-java-base
@@ -27,12 +39,92 @@ New relic can be enabled by providing the following `JAVA_OPTS` environment vari
 docker run -p 8080:8080 -i -t -e JAVA_OPTS="-javaagent:newrelic/newrelic.jar -Dnewrelic.environment=development -Dnewrelic.config.file=newrelic/newrelic.yml" spring-boot-java-base
 ```
 
-### How to: Build production equivalent container
-```bash
-./gradlew clean assemble check docker dockerTag -PTAG=$(git rev-parse --verify HEAD --short) -PREPOSITORY_URI=${DOCKER_REPO}${IMAGE_NAME}
+## Deployment
+
+This project uses Terraform and the AWS CLI to deploy the service to the BNC ECS Cluster. To have the CI/CD pipeline deploy a service which has be deployed using a fork of this project you can follow the instructions below.
+
+### Terraform ECS Workspaces
+
+By default Terraform will not create the required workspaces. Before setting up the deployment in the CI environment, ensure you have created all of the appropriate workspaces.
+
+The default workspaces for BNC are:
+* development
+* production
+
+To create the workspaces run the following commands:
+```
+cd deployment/terraform/ecs-service
+terraform workspace new production
+terraform workspace new development
 ```
 
-## For more tasks run
-```bash
-./gradlew tasks
+### Setting up Travis-CI deployment
+
+1. Encrypt the following global environment variables using the Travis-CI CLI.
+```
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=
+KMS_KEY_ID=
+ROLE_ARN=
+STATE_S3_BUCKET=
+STATE_DYNAMODB_TABLE=
+KEY=<The project key for the ECR repository>, e.g bnc/<team>/ecr/<service-name>
+SERVICE_KEY=<The project key for ECS service>, e.g bnc/<team>/<workspace>/ecs/<service-name>
+OPERATIONS_ROLE_ARN=
+DEVELOPMENT_ROLE_ARN=
+PRODUCTION_ROLE_ARN=
+SPLUNK_URL=
+```
+
+2. Encrypt the following environment variables for the development deployment:
+```
+TF_WORKSPACE=
+SPLUNK_TOKEN=
+```
+
+### Deployment to development ECS cluster
+
+#### Setup AWS Credentials
+
+1. Setup the AWS profile using `aws configure --profile bnc-terraform`. The credentials can be retrieved using `terraform output` command in the terraform-techemy-master project if you have this setup.
+
+#### Terraform ECR Project
+
+1. cd deployment/terraform/ecr
+
+2. Copy `backend.tfvars.example` to `backend.tfvars`.
+
+3. Fill out the `backend.tfvars`
+
+4. Run `terraform init "-backend-config=backend.tfvars"`.
+
+5. Copy `master.tfvars.example` to `master.tfvars`.
+
+6. Fill in the `master.tfvars` with the correct values.
+
+7. Now the project is fully setup and you will have the ability to run [terraform commands](https://www.terraform.io/docs/commands/index.html).
+```
+terraform plan "-var-file=master.tfvars"
+```
+
+#### Terraform ECS Project
+
+1. cd deployment/terraform/ecs-service
+
+2. Copy `backend.tfvars.example` to `backend.tfvars`.
+
+3. Fill out the `backend.tfvars`
+
+4. Run `terraform init "-backend-config=backend.tfvars"`.
+
+5. Copy `master.tfvars.example` to `master.tfvars`.
+
+6. Fill in the `master.tfvars` with the correct values.
+
+7. Select the development work space `terraform workspace select development`
+
+8. Now the project is fully setup and you will have the ability to run [terraform commands](https://www.terraform.io/docs/commands/index.html).
+```
+terraform plan "-var-file=master.tfvars"
 ```

README.md

@@ -1,14 +1,15 @@
 plugins {
     id 'eclipse'
     id 'idea'
-    id "org.sonarqube" version "2.7" apply false
+    id "org.sonarqube" version "2.7.1" apply false
     id "com.github.spotbugs" version "1.6.9" apply false
     id "com.bnc.gradle.travis-ci-versioner" version "1.0.6"
 }
 
 ext {
     awsAccessKeyId = properties.containsKey('AWS_ACCESS_KEY_ID') ? AWS_ACCESS_KEY_ID : System.getenv('AWS_ACCESS_KEY_ID')
     awsSecretAccessKey = properties.containsKey('AWS_SECRET_ACCESS_KEY') ? AWS_SECRET_ACCESS_KEY : System.getenv('AWS_SECRET_ACCESS_KEY')
+    awsSessionToken = System.getenv('AWS_SESSION_TOKEN')
 }
 
 travisVersioner {
@@ -27,15 +28,23 @@ allprojects {
     sourceCompatibility = JavaVersion.VERSION_11
     targetCompatibility = JavaVersion.VERSION_11
     compileJava.options.encoding = "UTF-8"
+    compileTestJava.options.encoding = "UTF-8"
 
     repositories {
         mavenCentral()
         jcenter()
         maven {
+            // This repository is only used for Brave New Coin artifacts. It is not required to build this project.
             url "s3://artifact.bravenewcoin.com/maven/release"
+            content {
+                includeGroup "com.bnc"
+            }
             credentials(AwsCredentials) {
                 accessKey "${awsAccessKeyId}"
                 secretKey "${awsSecretAccessKey}"
+                if (awsSessionToken) {
+                    sessionToken "${awsSessionToken}"
+                }
             }
         }
     }

build.gradle

@@ -9,6 +9,7 @@ jar {
 publishing {
     publications {
         mavenJava(MavenPublication) {
+            groupId = "com.bnc.${rootProject.name}"
             from components.java
         }
     }
@@ -19,6 +20,9 @@ publishing {
             credentials(AwsCredentials) {
                 accessKey "${awsAccessKeyId}"
                 secretKey "${awsSecretAccessKey}"
+                if (awsSessionToken) {
+                    sessionToken "${awsSessionToken}"
+                }
             }
         }
     }