wip

gip-inclusion · Aug 29, 2023 · 9d15031 · 9d15031
1 parent 840322d
commit 9d15031
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
@@ -23,6 +23,14 @@ jobs:
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        TF_VAR_DATAWAREHOUSE_ADMIN_PASSWORD: ${{ secrets.TF_VAR_DATAWAREHOUSE_ADMIN_PASSWORD }}
+        TF_VAR_DATAWAREHOUSE_ADMIN_USERNAME: ${{ secrets.TF_VAR_DATAWAREHOUSE_ADMIN_USERNAME }}
+        TF_VAR_DATAWAREHOUSE_DI_DATABASE: ${{ secrets.TF_VAR_DATAWAREHOUSE_DI_DATABASE }}
+        TF_VAR_DATAWAREHOUSE_DI_PASSWORD: ${{ secrets.TF_VAR_DATAWAREHOUSE_DI_PASSWORD }}
+        TF_VAR_DATAWAREHOUSE_DI_USERNAME: ${{ secrets.TF_VAR_DATAWAREHOUSE_DI_USERNAME }}
+        TF_VAR_SCALEWAY_ACCESS_KEY: ${{ secrets.TF_VAR_SCALEWAY_ACCESS_KEY }}
+        TF_VAR_SCALEWAY_PROJECT_ID: ${{ secrets.TF_VAR_SCALEWAY_PROJECT_ID }}
+        TF_VAR_SCALEWAY_SECRET_KEY: ${{ secrets.TF_VAR_SCALEWAY_SECRET_KEY }}
       volumes:
         - .:/deployment
       options: --workdir /deployment

diff --git a/deployment/README.md b/deployment/README.md
@@ -9,9 +9,22 @@ This documentation is structured as follow :
 
 ### prerequisites
 
-* A scaleway project.
-* An IAM application ([here](https://console.scaleway.com/iam/applications)) with a policy to fully access all ressources in the target scaleway project.
-* An API key for that application ([here](https://console.scaleway.com/iam/api-keys))
+#### for the state backend
+
+* A scaleway project
+* A policy with access to object storage ([here](https://console.scaleway.com/iam/policies))
+* An IAM application with this policy assigned ([here](https://console.scaleway.com/iam/applications))
+* An API key for this application ([here](https://console.scaleway.com/iam/api-keys))
+
+This is preferably shared by environments.
+
+#### for provisioning an environment
+
+* A scaleway project dedicated for that environment
+* A policy ([here](https://console.scaleway.com/iam/policies)) with the following rules:
+    * `InstancesFullAccess`, `ObjectStorageFullAccess`, `RelationalDatabasesFullAccess` in the target project scope
+* An IAM application with this policy assigned ([here](https://console.scaleway.com/iam/applications))
+* An API key for this application ([here](https://console.scaleway.com/iam/api-keys))
 
 ### targeting an environment
 
@@ -23,6 +36,8 @@ docker compose run --rm tf -chdir=environments/staging plan
 
 ### initializing the state backend
 
+*Use the prerequisites for the state backend*
+
 ```bash
 docker compose run --rm tf -chdir=environments/<ENVIRONMENT>/ init \
     -backend-config "bucket=data-inclusion-terraform" \
@@ -47,6 +62,8 @@ The generated `terraform.tfvars.json` file can be filled with the appropriate va
 
 ⚠️⚠️ `terraform.tfvars.json` FILES SHOULD NOT BE COMMITTED ⚠️⚠️
 
+*Use the prerequisites for provisioning an environment*
+
 ### provisioning
 
 ```bash