feat: Code needed for REST API CORS

.github/contributing.md

@@ -0,0 +1,34 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Update the README.md with details of changes including example hcl blocks and [example files](./examples) if appropriate.
+2. Run pre-commit hooks `pre-commit run -a`.
+3. Once all outstanding comments and checklist items have been addressed, your contribution will be merged! Merged PRs will be included in the next release. The terraform-aws-vpc maintainers take care of updating the CHANGELOG as they merge.
+
+## Checklists for contributions
+
+- [ ] Add [semantics prefix](#semantic-pull-requests) to your PR or Commits (at least one of your commit groups)
+- [ ] CI tests are passing
+- [ ] README.md has been updated after any changes to variables and outputs. See https://github.com/cloudandthings/terraform-aws-cors/#doc-generation
+- [ ] ~~Run pre-commit hooks `pre-commit run -a`~~ TODO
+
+## Semantic Pull Requests
+
+To generate changelog, Pull Requests or Commits must have semantic and must follow conventional specs below:
+
+- `feat:` for new features
+- `fix:` for bug fixes
+- `improvement:` for enhancements
+- `docs:` for documentation and examples
+- `refactor:` for code refactoring
+- `test:` for tests
+- `ci:` for CI purpose
+- `chore:` for chores stuff
+
+The `chore` prefix skipped during changelog generation. It can be used for `chore: update changelog` commit message by example.

.github/workflows/pr-title.yml

@@ -0,0 +1,54 @@
+name: Validate PR title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: 👀 Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      # Please look up the latest version from
+      # https://github.com/amannn/action-semantic-pull-request/releases
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Configure which types are allowed.
+          # Default: https://github.com/commitizen/conventional-commit-types
+          types: |
+            fix
+            feat
+            docs
+            ci
+            chore
+          # Configure that a scope must always be provided.
+          requireScope: false
+          # Configure additional validation for the subject based on a regex.
+          # This example ensures the subject starts with a character.
+          subjectPattern: ^[A-Za-z].+$
+          # If `subjectPattern` is configured, you can use this property to override
+          # the default error message that is shown when the pattern doesn't match.
+          # The variables `subject` and `title` can be used within the message.
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            starts with a character.
+          # For work-in-progress PRs you can typically use draft pull requests
+          # from Github. However, private repositories on the free plan don't have
+          # this option and therefore this action allows you to opt-in to using the
+          # special "[WIP]" prefix to indicate this state. This will avoid the
+          # validation of the PR title and the pull request checks remain pending.
+          # Note that a second check will be reported if this is enabled.
+          wip: true
+          # See: https://github.com/amannn/action-semantic-pull-request#legacy-configuration
+          # If the PR only contains a single commit, the action will validate that
+          # it matches the configured pattern.
+          validateSingleCommit: true
+          # Related to `validateSingleCommit` you can opt-in to validate that the PR
+          # title matches a single commit to avoid confusion.
+          validateSingleCommitMatchesPrTitle: true

.github/workflows/pre-commit-and-tests.yml

@@ -0,0 +1,58 @@
+name: pre-commit & tests
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - master
+      - develop
+
+permissions:
+  id-token: write
+  contents: read
+
+defaults:
+  # Set shell for steps inside containers (default=sh)
+  run:
+    shell: bash
+
+jobs:
+  #--------------------------------------------------------------
+  # PRE-COMMIT
+  #--------------------------------------------------------------
+  pre_commit:
+    name: 💍 pre-commit
+    # For public repos use runs-on: ubuntu-latest
+    # For private repos use runs-on: self-hosted
+    runs-on: ubuntu-latest
+    container: bjorncloudandthings/terraform-aws-github:latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+      - uses: hashicorp/setup-terraform@v2
+      - name: Install requirements
+        run: |
+          python -m venv .venv
+          source .venv/bin/activate
+          pip install pre-commit
+      - name: pre-commit run
+        run: |
+          source .venv/bin/activate
+          if [[ "${{ env.GITHUB_REPOSITORY}}" == "cloudandthings/terraform-aws-template" ]]; then
+            export SKIP=no-vanilla-readme
+          fi
+          echo ...running developer pre-commit checks...
+          pre-commit run --config .pre-commit-config.yaml --all-files --show-diff-on-failure
+          if [[ -f .github/.pre-commit-config.yaml ]]; then
+            echo ...running remote pre-commit checks...
+            pip install checkov
+            pre-commit run --config .github/.pre-commit-config.yaml --all-files --show-diff-on-failure
+          fi
+      - name: cat pre-commit log
+        if: failure()
+        run: |
+          LOG_FILE=~/.cache/pre-commit/pre-commit.log
+          [ -f $LOG_FILE ] && cat $LOG_FILE

.github/workflows/release.yml

@@ -0,0 +1,39 @@
+name: release
+
+# Overview ref: https://github.com/googleapis/release-please
+# Configuration ref: https://github.com/google-github-actions/release-please-action
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+
+defaults:
+  # Set shell for steps inside containers (default=sh)
+  run:
+    shell: bash
+
+jobs:
+  release:
+    # For public repos use runs-on: ubuntu-latest
+    # For private repos use runs-on: self-hosted
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-please.outputs.release_created }}
+      tag_name: ${{ steps.release-please.outputs.tag_name }}
+    steps:
+      - name: release-please
+        uses: google-github-actions/release-please-action@v3
+        id: release-please
+        with:
+          release-type: simple
+          # These bumps are honoured only if there is an
+          # initial tag of v0.1.0 . Create it manually if needed.
+          #
+          # BREAKING CHANGE only bumps semver minor if version < 1.0.0
+          bump-minor-pre-major: true
+          # feat commits bump semver patch instead of minor if version < 1.0.0
+          bump-patch-for-minor-pre-major: true

.gitignore

@@ -0,0 +1,26 @@
+# Ignore Terraform state files
+*.tfstate
+*.tfstate.backup
+*.tfplan
+
+# Ignore any .terraform directories
+**/.terraform/*
+
+# Ignore .terraform.lock.hcl file
+.terraform.lock.hcl
+
+# Ignore crash log files
+crash.log
+
+# Ignore .tfvars files that contain sensitive information
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and don't need to be committed
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

.pre-commit-config.yaml

@@ -0,0 +1,87 @@
+# https://pre-commit.com/
+# More hooks available at:
+# https://pre-commit.com/hooks.html
+
+# INSTALL ON MAC:
+# brew install pre-commit
+
+# INSTALL ON WINDOWS:
+# pip install pre-commit
+
+# INSTALL hooks for this workspace
+# pre-commit install
+
+exclude: '^modules/external/.*$'
+
+repos:
+# TERRAFORM
+  # If running tf-docs it must be run first to avoid race condition relating to version constraints.
+  # BUG: terraform_docs hook conflicts when used more than once.
+  # Workaround with Python
+  - repo: local
+    hooks:
+    - id: Terraform docs
+      name: Terraform docs
+      entry: python examples/terraform-docs.py
+      language: system
+      types: [python]
+      always_run: true
+      pass_filenames: false
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.74.1
+    hooks:
+      # - id: terraform_docs
+      #  args:
+      #    - --args=--lockfile=false
+      #    - --args=--config=.tfdocs-config.yml
+      - id: terraform_fmt
+      - id: terraform_validate
+        # [^/]+: Exclude root module. Validation is done via examples/basic
+        # see https://github.com/antonbabenko/pre-commit-terraform#terraform_validate
+        exclude: |
+            (?x)^(
+                tests/.*|
+                [^/]+|
+            )$
+      - id: terraform_tflint
+        # Configure tflint by creating and updating the config file below.
+        args: ['--args=--config=__GIT_WORKING_DIR__/.tflint.hcl']
+      #-----------------------------------------
+      # Moved to .github/.pre-commit-config.yaml
+      #-----------------------------------------
+      # - id: terraform_tfsec
+      #   files: ^.*.tf$
+      #   # Configure tfsec by creating and updating the config file below.
+      #   args: ['--args=--config-file=__GIT_WORKING_DIR__/.tfsec-config.yml']
+      # - id: terraform_checkov
+      #   # Configure checkov by creating and updating the config file below.
+      #   args: ['--args=--config-file __GIT_WORKING_DIR__/.checkov-config.yml']
+
+# PRECOMMIT - GENERAL
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: check-added-large-files
+        args: ['--maxkb=1024']
+      - id: check-case-conflict
+      - id: check-json
+        exclude: tsconfig.json|devcontainer.json
+      # - id: pretty-format-json
+      #   exclude: tsconfig.json|package-lock.json|package.json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-toml
+      - id: check-vcs-permalinks
+      - id: check-xml
+      - id: check-yaml
+      - id: detect-aws-credentials
+        args: ['--allow-missing-credentials']
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args: ['--fix=lf']
+      - id: no-commit-to-branch
+        args: ['--branch', 'develop', '--branch', 'main', '--branch', 'master']
+      - id: requirements-txt-fixer
+      - id: trailing-whitespace

.tfdocs-config.yml

@@ -0,0 +1,70 @@
+formatter: "markdown table" # this is required
+
+version: ">= 0.13.0, < 1.0.0"
+
+# header-from: main.tf
+# footer-from: ""
+
+recursive:
+  enabled: true
+  path: local-modules
+  include: "**/*.tf"
+
+sections:
+  hide: []
+  show: []
+
+
+content: |-
+  ## Terraform Documentation
+  {{ .Inputs }}
+
+  ----
+  {{ .Modules }}
+
+  ----
+  {{ .Outputs }}
+
+  ----
+  {{ .Providers }}
+
+  ----
+  {{ .Requirements }}
+
+  ----
+  {{ .Resources }}
+
+  ----
+
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 3
+  lockfile: false
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true