feat(deployment): provision scaleway with tf (#63)

--------- Co-authored-by: Jonathan Perret <[email protected]>
gip-inclusion · Oct 27, 2023 · ea4420a · ea4420a
1 parent ae7063a
commit ea4420a
Show file tree

Hide file tree

Showing 36 changed files with 1,375 additions and 210 deletions.
diff --git a/.github/workflows/api.yml b/.github/workflows/api.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,159 @@
+# References
+# https://docs.docker.com/build/ci/github-actions/
+# https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
+
+name: build
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        service: ["api", "datawarehouse", "pipeline"]
+
+    env:
+      REGISTRY: ghcr.io
+      IMAGE_NAME: ${{ github.repository }}-${{ matrix.service }}
+
+    permissions:
+      contents: read
+      packages: write
+
+    defaults:
+      run:
+        working-directory: ${{ matrix.service }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha,format=long,prefix=
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and export to Docker
+        uses: docker/build-push-action@v5
+        with:
+          context: ./${{ matrix.service }}
+          load: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Run tests
+        if: matrix.service == 'api'
+        run: |
+          docker compose run --entrypoint pytest api -p no:cacheprovider -vv
+
+      - name: Run tests
+        if: matrix.service == 'pipeline'
+        run: |
+          echo #TODO
+
+      - name: Push image to GitHub registry
+        uses: docker/build-push-action@v5
+        with:
+          context: ./${{ matrix.service }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-20.04
+    environment: staging
+
+    defaults:
+      run:
+        working-directory: deployment
+
+    container:
+      image: hashicorp/terraform:1.6.1
+      env:
+        TF_IN_AUTOMATION: true
+
+        AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+        # `TF_VAR_*` are case sensitive and must match the case of variables
+        TF_VAR_scaleway_application_id: ${{ vars.SCALEWAY_APPLICATION_ID }}
+        TF_VAR_datawarehouse_admin_password: ${{ secrets.DATAWAREHOUSE_ADMIN_PASSWORD }}
+        TF_VAR_datawarehouse_admin_username: ${{ vars.DATAWAREHOUSE_ADMIN_USERNAME }}
+        TF_VAR_datawarehouse_di_database: ${{ vars.DATAWAREHOUSE_DI_DATABASE }}
+        TF_VAR_datawarehouse_di_password: ${{ secrets.DATAWAREHOUSE_DI_PASSWORD }}
+        TF_VAR_datawarehouse_di_username: ${{ vars.DATAWAREHOUSE_DI_USERNAME }}
+        TF_VAR_scaleway_access_key: ${{ vars.SCALEWAY_ACCESS_KEY }}
+        TF_VAR_scaleway_project_id: ${{ vars.SCALEWAY_PROJECT_ID }}
+        TF_VAR_scaleway_secret_key: ${{ secrets.SCALEWAY_SECRET_KEY }}
+        TF_VAR_environment: ${{ vars.ENVIRONMENT }}
+        TF_VAR_airflow_application_id: ${{ vars.AIRFLOW_APPLICATION_ID }}
+        TF_VAR_airflow_access_key: ${{ vars.AIRFLOW_ACCESS_KEY }}
+        TF_VAR_airflow_secret_key: ${{ secrets.AIRFLOW_SECRET_KEY }}
+        TF_VAR_airflow_admin_password: ${{ secrets.AIRFLOW_ADMIN_PASSWORD }}
+        TF_VAR_api_secret_key: ${{ secrets.API_SECRET_KEY }}
+        TF_VAR_stack_version: ${{ github.sha }}
+        TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
+        TF_VAR_dns_zone: ${{ vars.DNS_ZONE }}
+        TF_VAR_dns_subdomain: ${{ vars.DNS_SUBDOMAIN }}
+        TF_VAR_airflow__core__fernet_key: ${{ secrets.AIRFLOW__CORE__FERNET_KEY }}
+        TF_VAR_api_token_enabled: ${{ vars.API_TOKEN_ENABLED }}
+        TF_VAR_airflow_conn_s3_sources: ${{ secrets.AIRFLOW_CONN_S3_SOURCES }}
+        TF_VAR_datagouv_api_key: ${{ secrets.DATAGOUV_API_KEY }}
+        TF_VAR_dora_api_url: ${{ vars.DORA_API_URL }}
+        TF_VAR_dora_api_token: ${{ secrets.DORA_API_TOKEN }}
+        TF_VAR_emplois_api_token: ${{ secrets.EMPLOIS_API_TOKEN }}
+        TF_VAR_grist_api_token: ${{ secrets.GRIST_API_TOKEN }}
+        TF_VAR_mes_aides_airtable_key: ${{ secrets.MES_AIDES_AIRTABLE_KEY }}
+        TF_VAR_soliguide_api_token: ${{ secrets.SOLIGUIDE_API_TOKEN }}
+        TF_VAR_metabase_secret_key: ${{ secrets.METABASE_SECRET_KEY }}
+        ENV: ${{ vars.ENVIRONMENT }}
+      volumes:
+        - .:/deployment
+      options: --workdir /deployment
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: tf init
+        run: |
+          terraform init \
+            -backend-config "bucket=data-inclusion-terraform-states" \
+            -backend-config "key=${ENV}"
+
+      - name: tf validate
+        run: |
+          terraform validate
+
+      - name: tf plan
+        run: |
+          terraform plan
+
+      - name: tf apply
+        run: |
+          terraform apply -auto-approve
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -29,6 +29,17 @@ repos:
         files: ^api
         exclude: ^api/tests/
 
+  # deployment
+  - repo: local
+    hooks:
+      - id: terraform-fmt
+        name: deployment|terraform-fmt
+        language: docker_image
+        entry: hashicorp/terraform:1.6.1
+        args: [fmt, -recursive, deployment]
+        pass_filenames: false
+        files: ^deployment/
+
   # pipeline
   - repo: https://github.com/psf/black
     rev: 23.7.0

diff --git a/.template.env b/.template.env
@@ -9,6 +9,16 @@
 # cf https://airflow.apache.org/docs/apache-airflow/stable/howto/docker-compose/index.html#setting-the-right-airflow-user
 AIRFLOW_UID=
 
+# airflow connections string *must* be urlencoded (using `urllib.parse.urlencode` for instance)
+
+AIRFLOW_CONN_S3_SOURCES=
+AIRFLOW_VAR_DATAGOUV_API_KEY=
+AIRFLOW_VAR_DORA_API_TOKEN=
+AIRFLOW_VAR_EMPLOIS_API_TOKEN=
+AIRFLOW_VAR_GRIST_API_TOKEN=
+AIRFLOW_VAR_MES_AIDES_AIRTABLE_KEY=
+AIRFLOW_VAR_SOLIGUIDE_API_TOKEN=
+
 ###
 ### target-db
 ###
@@ -30,95 +40,3 @@ SIRETISATION_UI_PORT=8005
 SIRETISATION_UI_ENV=dev
 SIRETISATION_UI_DEBUG=True
 ANNUAIRE_ENTREPRISES_API_URL=https://recherche-entreprises.api.gouv.fr
-
-###
-### sources
-###
-
-# airflow connections string *must* be urlencoded (using `urllib.parse.urlencode` for instance)
-
-AGEFIPH_SERVICES_API_URL=https://www.agefiph.fr/jsonapi/node/aide_service
-AGEFIPH_STRUCTURES_FILE_URL=
-AIRFLOW_CONN_S3_SOURCES=
-BAN_API_URL=https://api-adresse.data.gouv.fr
-CD35_FILE_URL=https://data.ille-et-vilaine.fr/dataset/8d5ec0f0-ebe1-442d-9d99-655b37d5ad07/resource/8b781e9d-e11d-486c-98cf-0f63abfae8ed/download/annuaire_sociale_fixe.csv
-CD72_STRUCTURES_FILE_URL=https://grist.incubateur.net/o/datainclusion/api/docs/dFpXXzs2fug9Kb7zZhyWyn/download/csv?tableId=Structures
-CD72_SERVICES_FILE_URL=https://grist.incubateur.net/o/datainclusion/api/docs/dFpXXzs2fug9Kb7zZhyWyn/download/csv?tableId=Services
-DI_EXTRA_SERVICES_FILE_URL=https://data-inclusion-lake.s3.fr-par.scw.cloud/sources/data-inclusion/2023-08-16/services.json
-DI_EXTRA_STRUCTURES_FILE_URL=https://data-inclusion-lake.s3.fr-par.scw.cloud/sources/data-inclusion/2023-08-16/structures.json
-DORA_API_TOKEN=
-DORA_API_URL=https://api.dora.inclusion.beta.gouv.fr/api/v2/
-EMPLOIS_API_TOKEN=
-EMPLOIS_API_URL=https://emplois.inclusion.beta.gouv.fr/api/v1/structures/
-ETAB_PUB_FILE_URL=https://www.data.gouv.fr/fr/datasets/r/73302880-e4df-4d4c-8676-1a61bb997f3d
-FINESS_FILE_URL=https://www.data.gouv.fr/fr/datasets/r/3dc9b1d5-0157-440d-a7b5-c894fcfdfd45
-GRIST_API_TOKEN=
-IGN_ADMIN_EXPRESS_FILE_URL=http://files.opendatarchives.fr/professionnels.ign.fr/adminexpress/ADMIN-EXPRESS-COG_3-0__SHP__FRA_WM_2021-05-19.7z
-IMMERSION_FACILITEE_S3_KEY_PREFIX=sources/immersion-facilitee/2023-03-06/after-siretisation-auto/
-INSEE_FIRSTNAME_FILE_URL=https://www.insee.fr/fr/statistiques/fichier/2540004/nat2021_csv.zip
-INSEE_COG_DATASET_URL=https://www.insee.fr/fr/statistiques/fichier/6800675
-MEDNUM_AIDANTS_CONNECT_DATASET_URL=https://www.data.gouv.fr/fr/datasets/64a7e1371873e4865272fbd8
-MEDNUM_ANGERS_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63d13f5ec3e0721ea91a2e5d
-MEDNUM_ASSEMBLEURS_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63ca9667f0e2740ddfa1bf98
-MEDNUM_CD17_DATASET_URL=https://www.data.gouv.fr/fr/datasets/646dfe9eb1a95610f26aca49
-MEDNUM_CD23_DATASET_URL=https://www.data.gouv.fr/fr/datasets/641864db09184e5b19500970
-MEDNUM_CD28_APPUI_TERRITORIAL_DATASET_URL=https://www.data.gouv.fr/fr/datasets/6470869eb0d058e044cb5b81
-MEDNUM_CD33_DATASET_URL=https://www.data.gouv.fr/fr/datasets/645381a7d6b3815929f68b82
-MEDNUM_CD40_DATASET_URL=https://www.data.gouv.fr/fr/datasets/641860de365041f1d489eeff
-MEDNUM_CD44_DATASET_URL=https://www.data.gouv.fr/fr/datasets/6413499019b0b5d458e4c145
-MEDNUM_CD49_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63ca9664c2b40e3e08c20453
-MEDNUM_CD85_DATASET_URL=https://www.data.gouv.fr/fr/datasets/64a2d7ec70a28c9b4f145be0
-MEDNUM_CD87_DATASET_URL=https://www.data.gouv.fr/fr/datasets/6446555e15560fb6d85fede1
-MEDNUM_CONSEILLER_NUMERIQUE_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63ca966a2facfcdb4dd3fa4f
-MEDNUM_CONUMM_DATASET_URL=https://www.data.gouv.fr/fr/datasets/647d9dbd426d8423c5497de4
-MEDNUM_CR93_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63fcd16c3a6713f39ccfaed1
-MEDNUM_ETAPES_NUMERIQUE_DATASET_URL=https://www.data.gouv.fr/fr/datasets/645a7b7ba4f1578539412fd7
-MEDNUM_FIBRE_64_DATASET_URL=https://www.data.gouv.fr/fr/datasets/644bc30fd6f232ae075a0fc2
-MEDNUM_FRANCE_SERVICES_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63ca9666774b02d12be44596
-MEDNUM_FRANCE_TIERS_LIEUX_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63d7de199bb6eb8f4786982b
-MEDNUM_FRANCILIN_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63d0fa06a3406203e0f16ed1
-MEDNUM_HINAURA_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63ca966d774b02d12be44597
-MEDNUM_HUB_ANTILLES_DATASET_URL=https://www.data.gouv.fr/fr/datasets/644bc30fce70044e21ccefca
-MEDNUM_HUB_LO_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63fc697f74f28bd3729806e9
-MEDNUM_MULHOUSE_DATASET_URL=https://www.data.gouv.fr/fr/datasets/63f771187acc8da3c1143974
-MEDNUM_RES_IN_DATASET_URL=https://www.data.gouv.fr/fr/datasets/640a0753b2587b420259932e
-MEDNUM_RHINOCC_DATASET_URL=https://www.data.gouv.fr/fr/datasets/6409d8ec539b90e1f25a174b
-MEDNUM_ULTRA_NUMERIQUE_DATASET_URL=https://www.data.gouv.fr/fr/datasets/642eeced5b28a9521b5be918
-MES_AIDES_AIDES_URL=https://airtable.com/appoYjASNOp90Ryy5/tblN4m8Ayzxzgxl9W/viw7HRKMxq4hR2f27
-MES_AIDES_AIRTABLE_KEY=
-MES_AIDES_GARAGES_URL=https://airtable.com/appEvva5gyqqoQRnr/tblnGf4Y5EUEeVHtJ/viw9ZZAUkexq6uDaI
-MONENFANT_CRECHES_FILE_URL=
-ODSPEP_S3_KEY_PREFIX=sources/odspep/2023-01-23/denormalized/Exports/
-RESEAU_ALPHA_URL=https://www.reseau-alpha.org
-SIAO_FILE_URL=
-SIRENE_STOCK_ETAB_GEOCODE_FILE_URL=https://data.cquest.org/geo_sirene/v2019/last/StockEtablissementActif_utf8_geo.csv.gz
-SIRENE_STOCK_ETAB_HIST_FILE_URL=https://www.data.gouv.fr/fr/datasets/r/88fbb6b4-0320-443e-b739-b4376a012c32
-SIRENE_STOCK_ETAB_LIENS_SUCCESSION_URL=https://www.data.gouv.fr/fr/datasets/r/9c4d5d9c-4bbb-4b9c-837a-6155cb589e26
-SIRENE_STOCK_UNITE_LEGALE_FILE_URL=https://www.data.gouv.fr/fr/datasets/r/825f4199-cadd-486c-ac46-a65a8ea1a047
-SOLIGUIDE_API_TOKEN=
-SOLIGUIDE_API_URL=https://api.soliguide.fr/
-UN_JEUNE_UNE_SOLUTION_API_URL=https://mes-aides.1jeune1solution.beta.gouv.fr/api/
-
-###
-### data.gouv
-###
-
-DATAGOUV_API_KEY=
-DATAGOUV_API_URL=https://www.data.gouv.fr/api/
-DATAGOUV_DI_DATASET_ID=6233723c2c1e4a54af2f6b2d
-DATAGOUV_DI_RESOURCE_IDS='
-{
-    "structures": {
-        "json": "4fc64287-e869-4550-8fb9-b1e0b7809ffa",
-        "csv": "fd4cb3ef-5c31-4c99-92fe-2cd8016c0ca5",
-        "xlsx": "fad88958-c9a7-4914-a9b8-89d1285c210a",
-        "geojson": "42d46a21-eeef-433c-b3c3-961e1c37bc93"
-    },
-    "services": {
-        "json": "0eac1faa-66f9-4e49-8fb3-f0721027d89f",
-        "csv": "5abc151a-5729-4055-b0a9-d5691276f461",
-        "xlsx": "de2eb57b-113d-48eb-95d2-59a69ba36eb1",
-        "geojson": "307529c0-dcc5-449a-a88d-9290a8a86a14"
-    },
-}
-'
diff --git a/.vscode/data-inclusion.code-workspace b/.vscode/data-inclusion.code-workspace
@@ -12,6 +12,12 @@
 		{
 			"path": "../siretisation"
 		},
+		{
+			"path": "../deployment"
+		},
+		{
+			"path": "../datawarehouse"
+		},
 		{
 			"path": ".."
 		},

diff --git a/api/src/data_inclusion/api/entrypoints/fastapi.py b/api/src/data_inclusion/api/entrypoints/fastapi.py
@@ -51,6 +51,7 @@ def create_app() -> fastapi.FastAPI:
 
     app = fastapi.FastAPI(
         title="data.inclusion API",
+        openapi_url="/api/openapi.json",
         description=description,
         docs_url="/api/v0/docs",
         contact={

diff --git a/datawarehouse/.dockerignore b/datawarehouse/.dockerignore
@@ -0,0 +1,4 @@
+*
+
+!/docker-entrypoint-initdb.d
+!/requirements
diff --git a/datawarehouse/Dockerfile b/datawarehouse/Dockerfile
@@ -0,0 +1,24 @@
+FROM postgres:14.9-bookworm
+
+ENV VIRTUAL_ENV /app/venv
+ENV PATH "${VIRTUAL_ENV}/bin:${PATH}"
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+    postgresql-14-postgis-3 \
+    postgresql-plpython3-14 \
+    python3-pip \
+    python3-venv \
+    && apt-get autoremove --purge -y \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY ./docker-entrypoint-initdb.d /docker-entrypoint-initdb.d
+
+RUN python3.11 -m venv ${VIRTUAL_ENV}
+
+COPY requirements requirements
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel
+RUN pip install --no-cache-dir -r requirements/requirements.txt