mirror of https://github.com/coder/coder.git
167 lines
5.3 KiB
HCL
167 lines
5.3 KiB
HCL
terraform {
|
|
required_providers {
|
|
coder = {
|
|
source = "coder/coder"
|
|
}
|
|
docker = {
|
|
source = "kreuzwerker/docker"
|
|
}
|
|
artifactory = {
|
|
source = "registry.terraform.io/jfrog/artifactory"
|
|
}
|
|
}
|
|
}
|
|
|
|
locals {
|
|
# Make sure to use the same field as the username field in the Artifactory
|
|
# It can be either the username or the email address.
|
|
artifactory_username = data.coder_workspace.me.owner_email
|
|
artifactory_repository_keys = {
|
|
"npm" = "npm"
|
|
"python" = "python"
|
|
"go" = "go"
|
|
}
|
|
workspace_user = data.coder_workspace.me.owner
|
|
jfrog_host = replace(var.jfrog_url, "^https://", "")
|
|
}
|
|
|
|
data "coder_provisioner" "me" {}
|
|
|
|
provider "docker" {}
|
|
|
|
data "coder_workspace" "me" {}
|
|
|
|
variable "jfrog_url" {
|
|
type = string
|
|
description = "JFrog instance URL. For example, https://jfrog.example.com."
|
|
# validate the URL to ensure it starts with https:// or http://
|
|
validation {
|
|
condition = can(regex("^https?://", var.jfrog_url))
|
|
error_message = "JFrog URL must start with https:// or http://"
|
|
}
|
|
}
|
|
|
|
variable "artifactory_admin_access_token" {
|
|
type = string
|
|
description = "The admin-level access token to use for JFrog with scope applied-permissions/admin."
|
|
}
|
|
|
|
# Configure the Artifactory provider with the admin-level access token.
|
|
provider "artifactory" {
|
|
url = "${var.jfrog_url}/artifactory"
|
|
access_token = var.artifactory_admin_access_token
|
|
}
|
|
|
|
resource "artifactory_scoped_token" "me" {
|
|
# This is hacky, but on terraform plan the data source gives empty strings,
|
|
# which fails validation.
|
|
username = length(local.artifactory_username) > 0 ? local.artifactory_username : "plan"
|
|
}
|
|
|
|
resource "coder_agent" "main" {
|
|
arch = data.coder_provisioner.me.arch
|
|
os = "linux"
|
|
startup_script = <<-EOT
|
|
set -e
|
|
|
|
# install and start code-server
|
|
curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server
|
|
/tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 &
|
|
|
|
# Install the JFrog VS Code extension.
|
|
# Find the latest version number at
|
|
# https://open-vsx.org/extension/JFrog/jfrog-vscode-extension.
|
|
/tmp/code-server/bin/code-server --install-extension jfrog.jfrog-vscode-extension
|
|
|
|
# The jf CLI checks $CI when determining whether to use interactive
|
|
# flows.
|
|
export CI=true
|
|
|
|
jf c rm 0 || true
|
|
echo ${artifactory_scoped_token.me.access_token} | \
|
|
jf c add --access-token-stdin --url ${var.jfrog_url} 0
|
|
|
|
# Configure the `npm` CLI to use the Artifactory "npm" repository.
|
|
cat << EOF > ~/.npmrc
|
|
email = ${data.coder_workspace.me.owner_email}
|
|
registry = ${var.jfrog_url}/artifactory/api/npm/${local.artifactory_repository_keys["npm"]}
|
|
EOF
|
|
jf rt curl /api/npm/auth >> .npmrc
|
|
|
|
# Configure the `pip` to use the Artifactory "python" repository.
|
|
mkdir -p ~/.pip
|
|
cat << EOF > ~/.pip/pip.conf
|
|
[global]
|
|
index-url = https://${local.artifactory_username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/pypi/${local.artifactory_repository_keys["python"]}/simple
|
|
EOF
|
|
|
|
EOT
|
|
# Set GOPROXY to use the Artifactory "go" repository.
|
|
env = {
|
|
GOPROXY : "https://${local.artifactory_username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${local.artifactory_repository_keys["go"]}"
|
|
# Authenticate with JFrog extension.
|
|
JFROG_IDE_URL : "${var.jfrog_url}"
|
|
JFROG_IDE_USERNAME : "${local.artifactory_username}"
|
|
JFROG_IDE_PASSWORD : "${artifactory_scoped_token.me.access_token}"
|
|
JFROG_IDE_ACCESS_TOKEN : "${artifactory_scoped_token.me.access_token}"
|
|
JFROG_IDE_STORE_CONNECTION : "true"
|
|
}
|
|
}
|
|
|
|
resource "coder_app" "code-server" {
|
|
agent_id = coder_agent.main.id
|
|
slug = "code-server"
|
|
display_name = "code-server"
|
|
url = "http://localhost:13337/?folder=/home/${local.workspace_user}"
|
|
icon = "/icon/code.svg"
|
|
subdomain = false
|
|
share = "owner"
|
|
|
|
healthcheck {
|
|
url = "http://localhost:13337/healthz"
|
|
interval = 5
|
|
threshold = 6
|
|
}
|
|
}
|
|
|
|
resource "docker_volume" "home_volume" {
|
|
name = "coder-${data.coder_workspace.me.id}-home"
|
|
# Protect the volume from being deleted due to changes in attributes.
|
|
lifecycle {
|
|
ignore_changes = all
|
|
}
|
|
}
|
|
|
|
resource "docker_image" "main" {
|
|
name = "coder-${data.coder_workspace.me.id}"
|
|
build {
|
|
context = "${path.module}/build"
|
|
build_args = {
|
|
USER = local.workspace_user
|
|
}
|
|
}
|
|
triggers = {
|
|
dir_sha1 = sha1(join("", [for f in fileset(path.module, "build/*") : filesha1("${path.module}/${f}")]))
|
|
}
|
|
}
|
|
|
|
resource "docker_container" "workspace" {
|
|
count = data.coder_workspace.me.start_count
|
|
image = docker_image.main.name
|
|
# Uses lower() to avoid Docker restriction on container names.
|
|
name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
|
|
# Hostname makes the shell more user friendly: coder@my-workspace:~$
|
|
hostname = data.coder_workspace.me.name
|
|
entrypoint = ["sh", "-c", coder_agent.main.init_script]
|
|
env = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]
|
|
host {
|
|
host = "host.docker.internal"
|
|
ip = "host-gateway"
|
|
}
|
|
volumes {
|
|
container_path = "/home/${local.workspace_user}"
|
|
volume_name = docker_volume.home_volume.name
|
|
read_only = false
|
|
}
|
|
}
|