Merge pull request #2 from dasmeta/DMVP-1660-generate-modules

DMVP-1660: generate modules

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "terraform"
+    directory:
+      - ./
+      - modules/variable-set
+    schedule:
+      interval: "daily"

.github/workflows/checkov.yaml

@@ -0,0 +1,23 @@
+name: Checkov
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - variable-set
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/checkov@main
+      with:
+        fetch-depth: 0
+        directory: modules/${{ matrix.path }}
+      continue-on-error: true

.github/workflows/pre-commit.yaml

@@ -0,0 +1,22 @@
+name: Pre-Commit
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+    steps:
+    - name: Pre-Commit
+      uses: dasmeta/reusable-actions-workflows/pre-commit@main
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: modules/${{ matrix.path }}
+      continue-on-error: true

.github/workflows/semantic.yaml

@@ -0,0 +1,21 @@
+name:  Semantic-Release
+on: [pull_request, push]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 16
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/terraform-test.yaml

@@ -0,0 +1,26 @@
+name: Terraform Test
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - ./
+          - modules/variable-set
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/terraform-test@main
+      with:
+        aws-region: ${{ secrets.AWS_REGION}}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: ${{ matrix.path }}
+      continue-on-error: true

.github/workflows/tflint.yaml

@@ -0,0 +1,27 @@
+name: Tflint
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - ./
+          - modules/variable-set
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/tflint@main
+      with:
+        aws-region: ${{ secrets.AWS_REGION}}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: ${{ matrix.path }}
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+      continue-on-error: true

.github/workflows/tfsec.yaml

@@ -0,0 +1,18 @@
+name: TFSEC
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-tfsec:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/tfsec@main
+      with:
+        fetch-depth: 0
+    continue-on-error: true

.gitignore

@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# terraform lock files
+*.lock.hcl
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+.DS_Store

.pre-commit-config.yaml

@@ -0,0 +1,28 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.3.0
+  hooks:
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args: [--fix=lf]
+    - id: detect-aws-credentials
+      args: ['--allow-missing-credentials']
+    - id: detect-private-key
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.75.0
+  hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+        - --hook-config=--path-to-file=README.md
+        - --hook-config=--add-to-existing-file=true
+        - --hook-config=--create-file-if-not-exist=true

README.md

@@ -1 +1,73 @@
-## terraform-tfe-cloud
+# terraform-tfe-cloud
+The module allows to generate terraform setups in folders and push/link them with terraform cloud workspace, for examples look into "./tests" folder
+
+## minimal example
+```hcl
+module "this" {
+  source = "dasmeta/cloud/tfe"
+
+  name           = "0-my-dns-setup"
+  module_source  = "dasmeta/dns/aws"
+  module_version = "1.0.0"
+  module_vars = {
+    zone_name   = dev.example.com
+    create_zone = true
+    records     = []
+  }
+}
+```
+
+to enable pre commit hooks run:
+```sh
+git config core.hooksPath githooks
+```
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
+| <a name="requirement_tfe"></a> [tfe](#requirement\_tfe) | ~> 0.40 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
+| <a name="provider_tfe"></a> [tfe](#provider\_tfe) | ~> 0.40 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [local_file.this](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [tfe_workspace.this](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/workspace) | resource |
+| [tfe_workspace_variable_set.this](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/workspace_variable_set) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_linked_workspaces"></a> [linked\_workspaces](#input\_linked\_workspaces) | The list of workspaces from where we can pull outputs and use in our module variables | `list(string)` | `null` | no |
+| <a name="input_module_providers"></a> [module\_providers](#input\_module\_providers) | The list of providers to add in providers.tf | <pre>list(object({<br>    name        = string<br>    version     = string<br>    source      = optional(string)<br>    alias       = optional(string)<br>    custom_vars = optional(any, {})<br>  }))</pre> | `[]` | no |
+| <a name="input_module_source"></a> [module\_source](#input\_module\_source) | The module source | `string` | n/a | yes |
+| <a name="input_module_vars"></a> [module\_vars](#input\_module\_vars) | The module variables | `any` | `{}` | no |
+| <a name="input_module_version"></a> [module\_version](#input\_module\_version) | The module version | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | module/repo-folder/workspace name and uniq identifier | `string` | n/a | yes |
+| <a name="input_repo"></a> [repo](#input\_repo) | git/vcs repository configurations | <pre>object({<br>    identifier         = string                  # <organization>/<repository> format repo identifier<br>    branch             = optional(string, null)  # will default to repo default branch if not set<br>    ingress_submodules = optional(string, false) # whether to fetch submodules a]when cloning vcs<br>    oauth_token_id     = optional(string, null)  # the auth token generated by resource tfe_oauth_client<br>    tags_regex         = optional(string, null)  # regular expression used to trigger Workspace run for matching Git tags<br>  })</pre> | `null` | no |
+| <a name="input_target_dir"></a> [target\_dir](#input\_target\_dir) | The directory where new module folder will be created, this will be terraform project repository root url | `string` | `"./"` | no |
+| <a name="input_terraform_backend"></a> [terraform\_backend](#input\_terraform\_backend) | Allows to set terraform backend configurations | <pre>object({<br>    name    = string<br>    configs = optional(any, {})<br>  })</pre> | <pre>{<br>  "configs": null,<br>  "name": null<br>}</pre> | no |
+| <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | The required\_version variable value for terraform{} block in versions.tf | `string` | `">= 1.3.0"` | no |
+| <a name="input_variable_set_ids"></a> [variable\_set\_ids](#input\_variable\_set\_ids) | The list of variable set ids to attach to workspace | `list(string)` | `null` | no |
+| <a name="input_workspace"></a> [workspace](#input\_workspace) | Terraform cloud workspace configurations | <pre>object({<br>    org                 = string<br>    tags                = optional(list(string), null)<br>    description         = optional(string, null)<br>    directory           = optional(string, "./") # this seems supposed to be the root directory of git repo<br>    global_remote_state = optional(bool, true)   # allow org workspaces access to this workspace state, TODO: there is a way to implement specific workspaces whitelisting using remote_state_consumer_ids, needs apply and testing<br><br>  })</pre> | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_debug"></a> [debug](#output\_debug) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

commitlint.config.js

@@ -0,0 +1,5 @@
+module.exports = {
+    extends: [
+        "@commitlint/config-conventional"
+    ]
+}

githooks/commit-msg

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+RED='\033[1;31m'
+YELLOW='\033[1;33m'
+GREEN='\033[1;32m'
+NC='\033[0m'
+
+isNvmOk=false
+isYarnOk=false
+isNodeOk=false
+isGccOk=false
+
+source ~/.nvm/nvm.sh > /dev/null 2>&1
+nvm -v > /dev/null 2>&1
+if [ ! $? -eq 0 ]; then
+  mkdir ~/.nvm > /dev/null 2>&1
+  (curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash) > /dev/null 2>&1
+
+  source ~/.nvm/nvm.sh
+
+  if [ `command -v nvm` ]; then
+      isNvmOk=true
+      #echo -e "$${GREEN}[ OK ]$${NC} nvm installed successfully"
+  else
+      isNvmOk=false
+      #echo -e "$${RED}[ FAIL ]$${NC} Error during nvm installation"
+  fi
+fi
+
+
+if  [  `command -v node`  ]; then
+    isNodeOk=true
+    #echo -e "$${GREEN}[ OK ]$${NC} npm and node is already installed"
+else
+  #echo -e "$${YELLOW}[ WAIT ]$${NC} npm is not installed.. installing"
+  nvm install node > /dev/null 2>&1
+  if [ `command -v node` ] && [ `command -v npm` ]; then
+      isNodeOk=true
+      #echo -e "$${GREEN}[ OK ]$${NC} npm installed successfully"
+  fi
+
+#  mkdir ~/.npm-global > /dev/null 2>&1
+#  npm config set prefix '~/.npm-global' > /dev/null 2>&1
+#  export PATH=~/.npm-global/bin:$PATH > /dev/null 2>&1
+#  source ~/.profile > /dev/null 2>&1
+
+fi
+
+
+if [ `command -v yarn` ]; then
+  isYarnOk=true
+  #echo -e "$${GREEN}[ OK ]$${NC} Yarn already installed"
+
+else
+  rm -rf ~/.yarn
+  (curl -o- -L https://yarnpkg.com/install.sh | bash) > /dev/null 2>&1
+  export PATH="$HOME/.yarn/bin:$PATH"
+  yarn config set prefix ~/.yarn -g > /dev/null 2>&1
+
+  if [ `command -v yarn` ]; then
+    isYarnOk=true
+     # echo $yarn_result
+    #  echo -e "$${GREEN}[ OK ]$${NC} Yarn installed successfully"
+  fi
+fi
+
+#echo -e "$${GREEN}[ OK ]$${NC}" nvm cache clear --force
+
+PATH="/c/Program Files/nodejs:$HOME/AppData/Roaming/npm/:$PATH"
+
+npm install --global git-conventional-commits > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    isGccOk=true
+   # echo -e "$${GREEN}[ OK ]$${NC} git-conventional-commit successfully installed"
+  else
+    isGccOk=false
+   # echo -e "$${RED}[ FAIL ]$${NC} Error during installation of git-conventional-commit"
+fi
+
+git-conventional-commits commit-msg-hook "$1"
+
+if [[ $isNodeOk && $isYarnOk && $isNvmOk && $isNodeOk ]]; then
+    echo -e "$${GREEN}[ OK ]$${NC} Dependencies installed successfully"
+else
+    echo -e "$${RED}[ FAIL ]$${NC} Error during dependency installation"
+fi

githooks/pre-commit

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e
+
+pre-commit run --show-diff-on-failure --color=always --all-files