labadmin/proyectosacc-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ci): integra Terraform en pipeline de Bitbucket Pipelines

Browse Source 
- Agrega paso 03_terraform para DEV y PROD con init, plan y apply
- Crea backend.dev.hcl para configuración explícita de estado DEV
- Refactoriza Route53/ACM en main.tf para soportar PROD cross-account
  usando count condicional sin romper estado de DEV
- Descomenta provider aws.route53 en provider.tf
- Añade domain_name faltante en prod.tfvars y confirma dev.tfvars
- Corrige output route53_record para recursos con count
- Elimina errored.tfstate corrupto local
- Incluye permiso sts:AssumeRole en IAM policy para Route53 cross-account
This commit is contained in:
Evert Daniel Romero Garrido
2026-04-14 19:40:57 -06:00
parent 3fe8cb1391
commit cbea3e932b
8 changed files with 128 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bitbucket-pipelines.yml
+38 -10
View File
@@ -1,8 +1,8 @@
# ===============================================================================================================
# bitbucket-pipelines.yml - Pipeline CI/CD para proyectosacc
# Descripción:
# Pipeline de 7 pasos estándar de CCsoft para desplegar el frontend
# React (S3+CloudFront) y la API backend (EC2) de SACC.
# Pipeline de 7 pasos estándar de CCsoft para desplegar infraestructura (Terraform),
# frontend React (S3+CloudFront) y API backend (EC2) de SACC.
#
# Autor: Área de Tecnología y Desarrollo - CCsoft
# ===============================================================================================================
@@ -42,7 +42,7 @@ pipelines:
name: 01_image-setup
script:
- set -euo pipefail
- apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli
- apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli wget unzip
- mkdir -p ~/.ssh
- echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
- chmod 600 ~/.ssh/sacc4_key
@@ -59,11 +59,24 @@ pipelines:
- git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-saac4.git" ci-cd-saac4
- step:
name: 03_dependencies
name: 03_terraform
script:
- set -euo pipefail
- npm ci
- ./gradlew dependencies
- cd terraform
- wget -q "https://releases.hashicorp.com/terraform/1.11.4/terraform_1.11.4_linux_amd64.zip"
- unzip -q terraform_1.11.4_linux_amd64.zip
- mv terraform /usr/local/bin/terraform
- terraform version
- export AWS_ACCESS_KEY_ID="${DEV_AWS_ACCESS_KEY_ID}"
- export AWS_SECRET_ACCESS_KEY="${DEV_AWS_SECRET_ACCESS_KEY}"
- export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-mx-central-1}"
- terraform init -backend-config=backend.dev.hcl
- terraform plan -var-file=environments/dev.tfvars -var="db_password=${DEV_DB_PASSWORD}" -out=dev.tfplan
- terraform apply -auto-approve dev.tfplan
- terraform output -json > terraform-outputs.json
- cat terraform-outputs.json
artifacts:
- terraform/terraform-outputs.json
- step:
name: 04_build
@@ -108,6 +121,7 @@ pipelines:
-o StrictHostKeyChecking=no \
"${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \
"bash /home/thoth/deploy/setup/deploy.sh"
- export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])")
- aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
- bash ci-cd-commons/telegram_alert.sh "✅ Deploy DEV de proyectosacc completado exitosamente"
@@ -116,7 +130,7 @@ pipelines:
name: 01_image-setup
script:
- set -euo pipefail
- apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli
- apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli wget unzip
- mkdir -p ~/.ssh
- echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
- chmod 600 ~/.ssh/sacc4_key
@@ -133,11 +147,24 @@ pipelines:
- git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-saac4.git" ci-cd-saac4
- step:
name: 03_dependencies
name: 03_terraform
script:
- set -euo pipefail
- npm ci
- ./gradlew dependencies
- cd terraform
- wget -q "https://releases.hashicorp.com/terraform/1.11.4/terraform_1.11.4_linux_amd64.zip"
- unzip -q terraform_1.11.4_linux_amd64.zip
- mv terraform /usr/local/bin/terraform
- terraform version
- export AWS_ACCESS_KEY_ID="${PROD_AWS_ACCESS_KEY_ID}"
- export AWS_SECRET_ACCESS_KEY="${PROD_AWS_SECRET_ACCESS_KEY}"
- export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-mx-central-1}"
- terraform init -backend-config=backend.prod.hcl
- terraform plan -var-file=environments/prod.tfvars -var="db_password=${PROD_DB_PASSWORD}" -out=prod.tfplan
- terraform apply -auto-approve prod.tfplan
- terraform output -json > terraform-outputs.json
- cat terraform-outputs.json
artifacts:
- terraform/terraform-outputs.json
- step:
name: 04_build
@@ -182,5 +209,6 @@ pipelines:
-o StrictHostKeyChecking=no \
"${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
"bash /home/thoth/deploy/setup/deploy.sh"
- export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])")
- aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
- bash ci-cd-commons/telegram_alert.sh "✅ Deploy PROD de proyectosacc completado exitosamente"