diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..1b3251f
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,19 @@
+Feature:
+ - head-branch: ['^feature', 'feature']
+Hotfix:
+ - head-branch: ['^hotfix', 'hotfix']
+Documentation:
+- changed-files:
+ - any-glob-to-any-file: '**/*.md'
+CICD:
+- changed-files:
+ - any-glob-to-any-file: '.github/**'
+
+typescript:
+- changed-files:
+ - any-glob-to-any-file: '**/*.ts'
+css:
+- changed-files:
+ - any-glob-to-any-file: '**/*.css'
+
+
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..ccf23da
--- /dev/null
+++ b/.github/pull_request_template.md
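Review bot: The head-branch patterns `['^feature', 'feature']` (and `['^hotfix', 'hotfix']`) are redundant: the unanchored second pattern already matches any branch name containing the word, so the anchored one can never add a match. Keep a single pattern per label, `'^feature'` if the intent is a prefix match, and be aware that the unanchored form would also label a branch such as `fix-feature-flag`. Sequence indentation is also mixed within one file: `Feature` and `Hotfix` indent their list item while every other label writes `- changed-files:` flush with the key; pick one form file-wide.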
@@ -0,0 +1,33 @@
+# Description
+
+Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+
+# Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests or screenshots that prove my fix is effective or that my feature works
+- [ ] Any dependent changes have been merged and published in downstream modules
+
diff --git a/.github/reviewers.yml b/.github/reviewers.yml
new file mode 100644
index 0000000..0e371d2
--- /dev/null
+++ b/.github/reviewers.yml
@@ -0,0 +1,4 @@
+reviewers:
+ defaults:
+ - repository-owners
+ - bbrauneck
\ No newline at end of file
diff --git a/.github/workflows/commit-message-validator.yaml b/.github/workflows/commit-message-validator.yaml
new file mode 100644
index 0000000..173ce0c
--- /dev/null
+++ b/.github/workflows/commit-message-validator.yaml
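Review bot: reviewers.yml is committed without a trailing newline (`\ No newline at end of file`), which the repository's own `end-of-file-fixer` pre-commit hook will rewrite on the next commit that touches the file; add the newline now so the file does not churn later. A one-line comment above `defaults:` saying which action consumes this file (labelling.yaml passes it to auto-request-review as `config: .github/reviewers.yml`) would save the next reader a search, e.g. `# Consumed by necojackarc/auto-request-review via .github/workflows/labelling.yaml`.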
@@ -0,0 +1,12 @@
+name: Commit linter
+on:
+ pull_request:
+ branches: [main, master]
+jobs:
+ commitlint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: wagoid/commitlint-github-action@v5
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
index 3e8a4d8..ecbd70f 100644
--- a/.github/workflows/dependabot.yaml
+++ b/.github/workflows/dependabot.yaml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
- uses: dependabot/fetch-metadata@v1.2.1
+ uses: dependabot/fetch-metadata@v2.2.0
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 - name: Approve a PR
diff --git a/.github/workflows/labelling.yaml b/.github/workflows/labelling.yaml
new file mode 100644
index 0000000..205e046
--- /dev/null
+++ b/.github/workflows/labelling.yaml
@@ -0,0 +1,47 @@
+name: label PRs
+on:
+ pull_request:
+ branches: [dev, master]
+jobs:
+ size-label:
+ needs: pr-reviewer
+ permissions:
+ contents: read
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: size-label
+ uses: "pascalgn/size-label-action@v0.5.0"
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ with:
+ sizes: >
+ {
+ "0": "XS",
+ "20": "S",
+ "50": "M",
+ "200": "L",
+ "800": "XL",
+ "2000": "XXL"
+ }
+ - name: general-labels
+ uses: actions/labeler@v5
+ with:
+ sync-labels: true
+ pr-reviewer:
+ permissions:
+ contents: read
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+ fetch-depth: 0
+ - name: Request review and assign
+ uses: necojackarc/auto-request-review@v0.13.0
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ config: .github/reviewers.yml
+ use_local: true
diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml
index c3945b4..f1cf0cb 100644
--- a/.github/workflows/megalinter.yaml
+++ b/.github/workflows/megalinter.yaml
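Review bot: commit-message-validator.yaml declares no `permissions:` block, so the commitlint job runs with whatever default token scope the repository grants, although checkout and the lint step only read; add a top-level `permissions:` / `  contents: read` (labelling.yaml in this same commit already scopes its jobs this way, so this file is the odd one out). `branches: [main, master]` also disagrees with `[dev, master]` in labelling.yaml; confirm which base branches pull requests actually target and use the same list in both. `fetch-depth: 0` pulls the whole history on every PR; if the action only needs the PR's commits, a depth of the PR's commit count plus one would be enough, but that depends on how the action walks history, so verify against its README before changing it.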
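Review bot: The pr-reviewer job checks out with `token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}`, but the only thing the checkout serves is reading `.github/reviewers.yml`; a personal access token carries far more than the job's declared `contents: read`, so drop the `token:` line and let checkout use the default token. With `use_local: true` the reviewer config appears to come from the checked-out pull-request head rather than the base branch, which would let a pull request decide who is asked to review it; unless that is intended, omit `use_local` so the action reads the base-branch copy, and confirm this reading against the action's documentation. `branches: [dev, master]` disagrees with `[main, master]` in commit-message-validator.yaml from the same commit. All `uses:` references here are floating tags (`@v3`, `@v5`, `@v0.5.0`, `@v0.13.0`); pinning each to a commit SHA with the tag in a trailing comment is the usual supply-chain hardening, and the same applies to the other workflow files in this commit.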
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 with:
 token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
 fetch-depth: 0
@@ -26,7 +26,7 @@ jobs:
 DISABLE_LINTERS: TERRAFORM_TERRASCAN
 - name: Archive production artifacts
 if: ${{ success() }} || ${{ failure() }}
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
 with:
 name: MegaLinter reports
 path: |
diff --git a/.github/workflows/tagging.yaml b/.github/workflows/tagging.yaml
index 2a89990..816de24 100644
--- a/.github/workflows/tagging.yaml
+++ b/.github/workflows/tagging.yaml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 with:
 token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
 fetch-depth: 0
diff --git a/.gitignore b/.gitignore
index b0d92b9..96a4948 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,21 +1,464 @@ +# Misc +mega-linter.log +.idea + +# Local .terraform directories **/.terraform/* + +# .tfstate files *.tfstate *.tfstate.* -terraform.rc -.terraformrc + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json +**/*.tfvars +**/**.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in override.tf override.tf.json *_override.tf *_override.tf.json -**/*.tfvars -**/**.tfvars.json -cache/** -crash.log +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl +.terraform +# MacOS General +.DS_Store +.AppleDouble +.LSOverride +# Icon must end with two \r +Icon +# Thumbnails +._* -**/.DS_STORE -report/** -mega-linter.log +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. 
+## +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool 
+coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml 
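Review bot: `.terraform.lock.hcl` is added under the "Ignore CLI configuration files" stanza, but the dependency lock file is not CLI configuration: it pins provider versions and checksums, and HashiCorp recommends committing it so every `terraform init` resolves the same provider builds; drop that line, or if the module deliberately leaves provider selection to its consumers, say so in the comment above it. The bare `.terraform` entry on the following line duplicates the earlier `**/.terraform/*` pattern. The hunk also removes `cache/**` and `report/**` from the old list without a replacement; if MegaLinter or the pre-commit hooks still write into those directories they will now show up as untracked files, so confirm before merging.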
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5cd2118..bb5c949 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,13 +1,13 @@
 ---
 repos:
 - repo: https://github.com/compilerla/conventional-pre-commit
- rev: v1.2.0
+ rev: v3.2.0
 hooks:
 - id: conventional-pre-commit
 stages: [commit-msg]
 args: []
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.1.0
+ rev: v4.6.0
 hooks:
 - id: trailing-whitespace
 - id: end-of-file-fixer
@@ -32,7 +32,7 @@ repos:
 args:
 - -b main
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.62.0
+ rev: v1.89.1
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
@@ -40,14 +40,12 @@ repos:
 - --hook-config=--path-to-file=README.md
 - --hook-config=--add-to-existing-file=true
 - --hook-config=--create-file-if-not-exist=true
- - id: terraform_tfsec
- - id: checkov
 - repo: https://github.com/sirosen/check-jsonschema
- rev: 0.13.0
+ rev: 0.28.3
 hooks:
 - id: check-github-workflows
 - repo: https://github.com/pre-commit/mirrors-prettier
- rev: v2.5.1
+ rev: v4.0.0-alpha.8
 hooks:
 - id: prettier
 stages: [commit]
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..88c4db8
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
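Review bot: The third hunk drops `- id: terraform_tfsec` and `- id: checkov` from the pre-commit-terraform hooks with nothing taking their place in this file, while build/init.ps1 in the same commit still installs tfsec and checkov and the README lists them as dependencies; that leaves the local IaC scanning gate gone before push with the tools still present on every developer machine. If the intent is that MegaLinter in CI now covers these scans, say so in a comment where the two ids were and drop them from the installer list too; otherwise keep the two hooks under the new `rev: v1.89.1`. Separately, `rev: v4.0.0-alpha.8` pins mirrors-prettier to a pre-release, which is unusual for a formatter that rewrites every committed file; prefer the latest stable tag of that mirror unless a specific alpha feature is needed.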
@@ -0,0 +1,132 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][mozilla coc]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[mozilla coc]: https://github.com/mozilla/diversity +[faq]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/README.md b/README.md index d91a53d..684cdaf 100644 --- a/README.md +++ b/README.md 
@@ -1,19 +1,101 @@ +[](https://xoap.io) +[](https://terraform.io) +[](https://opensource.org/licenses/MIT) + # Table of Contents -- [Table of Contents](#table-of-contents) - - [Usage](#usage) - - [Requirements](#requirements) - - [Providers](#providers) - - [Modules](#modules) - - [Resources](#resources) - - [Inputs](#inputs) - - [Outputs](#outputs) +- [Introduction](#introduction) +- [Guidelines](#guidelines) +- [Requirements](#requirements) +- [Providers](#providers) +- [Modules](#modules) +- [Resources](#resources) +- [Inputs](#inputs) +- [Outputs](#outputs) + +--- + +## Introduction + +This is a template for Terraform modules. + +It is part of our XOAP Automation Forces Open Source community library to give you a quick start into Infrastructure as Code deployments with Terraform. + +We have a lot of Terraform modules that are Open Source and maintained by the XOAP staff. + +Please check the links for more info, including usage information and full documentation: + +- [XOAP Website](https://xoap.io) +- [XOAP Documentation](https://docs.xoap.io) +- [Twitter](https://twitter.com/xoap_io) +- [LinkedIn](https://www.linkedin.com/company/xoap_io) + +--- + +## Guidelines + +We are using the following guidelines to write code and make it easier for everyone to follow a destinctive guideline. Please check these links before starting to work on changes. + +[](CODE_OF_CONDUCT.md) + +Git Naming Conventions are an important part of the development process. They descrtibe how Branched, Commit Messages, Pull Requests and Tags should look like to make the easily understandebla for everybody in the development chain. + +[Git Naming Conventions](https://namingconvention.org/git/) + +he Conventional Commits specification is a lightweight convention on top of commit messages. It provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of. 
+ +[Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) + +The better a Pull Request description is, the better a review can understand and decide on how to review the changes. This improves implementation speed and reduces communication between the requester and the reviewer resulting in much less overhead. + +[Wiriting A Great Pull Request Description](https://www.pullrequest.com/blog/writing-a-great-pull-request-description/) + +Versioning is a crucial part for Terraform Stacks and Modules. Without version tags you cannot clearly create a stable environment and be sure that your latest changes won't crash your production environment (sure it still can happen, but we are trying our best to implement everything that we can to reduce the risk) + +[Semantic Versioning](https://semver.org) + +Naming Conventions for Terraform resources must be used. + +[Terraform Naming Conventions](https://www.terraform-best-practices.com/naming) + +--- ## Usage -various commands +### Installation + +For the first ime using this template necessary tools need to be installed. 
+A script for PowerShell Core is provided under ./build/init.ps1 + +This script will install following dependencies: + +- [pre-commit](https://github.com/pre-commit/pre-commit) +- [terraform-docs](https://github.com/terraform-docs/terraform-docs) +- [tflint](https://github.com/terraform-linters/tflint) +- [tfsec](https://github.com/aquasecurity/tfsec) +- [checkov](https://github.com/bridgecrewio/checkov) +- [terrascan](https://github.com/accurics/terrascan) +- [kics](https://github.com/Checkmarx/kics) -[](code_of_conduct.md) +This script configures: + +- global git template under ~/.git-template +- global pre-commit hooks for prepare-commit-msg and commit-msg under ~/.git-template/hooks +- github actions: + - linting and checks for pull requests from dev to master/main + - automatic tagging and release creation on pushes to master/main + - dependabot updates + +It currently supports the automated installation for macOS. Support for Windows and Linux will be available soon. + +### Synchronisation + +We provided a script under ./build/sync_template.ps1 to fetch the latest changes from this template repository. +Please be aware that this is mainly a copy operation which means all your current changes have to be committed first and after running the script you have to merge this changes into your codebase. + +### Configuration + +--- 
@@ -22,32 +104,81 @@ various commands | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.1.6 | -| [aws](#requirement\_aws) | >=4.0.0 | +| [terraform](#requirement\_terraform) | >=1.1.6 | +| [aws](#requirement\_aws) | >= 4.8.0 | ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.8.0 | ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [bucket](#module\_bucket) | git::github.com/xoap-io/terraform-aws-storage-s3.git | v0.1.3 | +| [this\_label](#module\_this\_label) | git::github.com/xoap-io/terraform-aws-misc-label | v0.1.1 | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_cloudfront_cache_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_cache_policy) | resource | +| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource | +| [aws_cloudfront_origin_request_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_request_policy) | resource | +| [aws_cloudfront_response_headers_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_response_headers_policy) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [context](#input\_context) | Default context for naming and tagging purpose |
object({| n/a | yes | +| [allowed\_methods](#input\_allowed\_methods) | Allowed methods for accessing the CloudFront Distribution | `list(string)` |
organization = string
environment = string
account = string
product = string
tags = map(string)
})
[| no | +| [cached\_methods](#input\_cached\_methods) | Cache methods for accessing the CloudFront Distribution | `list(string)` |
"GET",
"HEAD",
"OPTIONS"
]
[| no | +| [cf\_default\_ttl](#input\_cf\_default\_ttl) | CloudFront default TTL for cachine | `string` | `"86400"` | no | +| [cf\_max\_ttl](#input\_cf\_max\_ttl) | CloudFront maximum TTL for caching | `string` | `"31536000"` | no | +| [cf\_min\_ttl](#input\_cf\_min\_ttl) | CloudFront minimum TTL for caching | `string` | `"0"` | no | +| [cf\_price\_class](#input\_cf\_price\_class) | CloudFront price class | `string` | `"PriceClass_All"` | no | +| [cloudfront\_aliases](#input\_cloudfront\_aliases) | List of hostnames to serve site on. E.g. with and without www | `list(string)` | n/a | yes | +| [cloudfront\_allowed\_methods](#input\_cloudfront\_allowed\_methods) | Allowed methods for accessing the CloudFront Distribution | `list(string)` |
"GET",
"HEAD"
]
[| no | +| [cloudfront\_cached\_methods](#input\_cloudfront\_cached\_methods) | Cache methods for accessing the CloudFront Distribution | `list(string)` |
"GET",
"HEAD",
"OPTIONS",
"PUT",
"POST",
"PATCH",
"DELETE"
]
[| no | +| [cloudfront\_certificate\_arn](#input\_cloudfront\_certificate\_arn) | ARN of the ACM certificate to use for cloudfront. Must be issued in us-east-1 | `string` | n/a | yes | +| [cloudfront\_default\_ttl](#input\_cloudfront\_default\_ttl) | CloudFront default TTL for cachine | `string` | `"1"` | no | +| [cloudfront\_max\_ttl](#input\_cloudfront\_max\_ttl) | CloudFront maximum TTL for caching | `string` | `"10"` | no | +| [cloudfront\_min\_ttl](#input\_cloudfront\_min\_ttl) | CloudFront minimum TTL for caching | `string` | `"0"` | no | +| [cloudfront\_minimum\_tls\_version](#input\_cloudfront\_minimum\_tls\_version) | Minimum allowed TLS version | `string` | `"TLSv1.2_2021"` | no | +| [cloudfront\_origin\_id](#input\_cloudfront\_origin\_id) | Origin ID used in CloudFront | `string` | `"alb"` | no | +| [cloudfront\_price\_class](#input\_cloudfront\_price\_class) | CloudFront price class | `string` | `"PriceClass_All"` | no | +| [cloudfront\_viewer\_protocol\_policy](#input\_cloudfront\_viewer\_protocol\_policy) | One of allow-all, https-only, or redirect-to-https | `string` | `"redirect-to-https"` | no | +| [context](#input\_context) | Default environmental context |
"GET",
"HEAD"
]
object({| n/a | yes | +| [cors\_allowed\_headers](#input\_cors\_allowed\_headers) | List of headers allowed in CORS | `list(string)` | `[]` | no | +| [cors\_allowed\_methods](#input\_cors\_allowed\_methods) | List of methods allowed in CORS | `list(string)` |
organization = string
environment = string
account = string
product = string
tags = map(string)
})
[| no | +| [cors\_allowed\_origins](#input\_cors\_allowed\_origins) | List of origins allowed to make CORS requests | `list(string)` |
"GET"
]
[| no | +| [cors\_expose\_headers](#input\_cors\_expose\_headers) | List of headers to expose in CORS response | `list(string)` | `[]` | no | +| [cors\_max\_age\_seconds](#input\_cors\_max\_age\_seconds) | Specifies time in seconds that browser can cache the response for a preflight request | `string` | `3000` | no | +| [custom\_error\_response](#input\_custom\_error\_response) | Optionally a list of custom error response configurations for CloudFront distribution |
"https://s3.amazonaws.com"
]
set(object({| `null` | no | +| [default\_root\_object](#input\_default\_root\_object) | CloudFront distribution default\_root\_object | `string` | `"index.html"` | no | +| [error\_document](#input\_error\_document) | Error page document in S3 bucket | `string` | `"404.html"` | no | +| [index\_document](#input\_index\_document) | Index page document in S3 bucket | `string` | `"index.html"` | no | +| [logging\_bucket](#input\_logging\_bucket) | Target Bucket name for logging | `string` | n/a | yes | +| [minimum\_tls\_version](#input\_minimum\_tls\_version) | Minimum support TLS version | `string` | `"TLSv1.2_2021"` | no | +| [origin\_path](#input\_origin\_path) | Path in S3 bucket for hosted files, with leading slash | `string` | `""` | no | +| [routing\_rules](#input\_routing\_rules) | A json array containing routing rules describing redirect behavior and when redirects are applied | `map(string)` |
error_code = number
response_code = number
response_page_path = string
}))
{| no | +| [s3\_origin\_id](#input\_s3\_origin\_id) | Origin ID used in CloudFront | `string` | `"s3-origin"` | no | +| [site\_name](#input\_site\_name) | Name of bucket to be created in S3. Must be globally unique. | `string` | n/a | yes | +| [viewer\_protocol\_policy](#input\_viewer\_protocol\_policy) | One of allow-all, https-only, or redirect-to-https | `string` | `"redirect-to-https"` | no | ## Outputs | Name | Description | |------|-------------| -| [context](#output\_context) | Exported context from input variable | +| [aliases](#output\_aliases) | n/a | +| [cloudfront\_arn](#output\_cloudfront\_arn) | n/a | +| [cloudfront\_hostname](#output\_cloudfront\_hostname) | n/a | +| [cloudfront\_id](#output\_cloudfront\_id) | n/a | +| [cloudfront\_zone\_id](#output\_cloudfront\_zone\_id) | n/a | +| [s3](#output\_s3) | n/a | +| [this](#output\_this) | n/a | diff --git a/build/init.ps1 b/build/init.ps1 new file mode 100644 index 0000000..1b10fe4 --- /dev/null +++ b/build/init.ps1 
@@ -0,0 +1,78 @@
+$brewPackages = @(
+ "pre-commit",
+ "gawk",
+ "terraform-docs",
+ "tflint",
+ "tfsec",
+ "coreutils",
+ "checkov",
+ "terrascan",
+ "golang",
+ "Checkmarx/tap/kics"
+
+)
+function ReplaceAllStringsInFile($SearchString, $ReplaceString, $FullPathToFile) {
+ $content = [System.IO.File]::ReadAllText("$FullPathToFile").Replace("$SearchString", "$ReplaceString")
+ [System.IO.File]::WriteAllText("$FullPathToFile", $content)
+}
+function SetupPreCommit {
+ Write-host "Configuring pre-commit..."
+ $dir = Join-Path $env:HOME ".git-template"
+ if (Test-Path "$dir") {
+ Remove-item -Recurse -Force -Path "$dir" -Verbose
+ }
+ $globalHooks = Join-path $dir "hooks"
+ $localHooks = "$PSScriptRoot/../.git/hooks"
+ if (Test-Path "$localHooks") {
+ Remove-item -Recurse -Force -Path "$localHooks" -Verbose
+ }
+
+ New-Item -ItemType Directory -Path $dir
+ git config --global init.templateDir $dir
+ git config --global core.hooksPath $dir/hooks
+ pre-commit init-templatedir -t pre-commit $dir
+ pre-commit init-templatedir -t prepare-commit-msg $dir
+ pre-commit init-templatedir -t commit-msg $dir
+
+ Copy-Item $globalHooks -Destination $localHooks -Recurse -Verbose
+}
+function InstallMacDependencies {
+ foreach ($package in $brewPackages) {
+ Write-Host "Going to check for package $package"
+ brew install $package
+ }
+}
+function FixReadme {
+ $file = "$PSScriptRoot/../README.md"
+ $path = Get-Item "$PSScriptRoot/.."
+ ReplaceAllStringsInFile -SearchString "TERRAFORM-MODULE-TEMPLATE" -ReplaceString $path.Name.ToUpper() -FullPathToFile $file
+}
+
+function PrintAdditionalNeededConfig {
+ Write-Host "Please add following statements to your .bashrc or .zshrc"
+ Write-host "
+Optional:
+ export GOPATH=`$HOME/dev/go-workspace
+ export GOROOT=/usr/local/opt/go/libexec
+ export PATH=`$PATH:`$GOPATH/bin
+ export PATH=`$PATH:`$GOROOT/bin
+Required:
+ export TF_PLUGIN_CACHE_DIR=~/.terraform-cache
+ export KICS_QUERIES_PATH=/usr/local/opt/kics/share/kics/assets/queries"
+}
+
+if ($IsWindows) {
+ Write-Error "This script is currently not able to setup windows systems"
+ exit 1
+}
+if ($IsLinux) {
+ Write-Error "This script is currently not able to setup linux systems"
+ exit 1
+}
+if ($IsMacOS) {
+ InstallMacDependencies
+ PrintAdditionalNeededConfig
+}
+
+SetupPreCommit
+FixReadme
diff --git a/build/sync_template.ps1 b/build/sync_template.ps1
new file mode 100644
index 0000000..27499ab
--- /dev/null
+++ b/build/sync_template.ps1
@@ -0,0 +1,27 @@
+$protectedFiles = @(
+ "main.tf",
+ "outputs.tf"
+ "variables.tf"
+)
+$ChangedFiles = $(git status --porcelain | Measure-Object | Select-Object -expand Count)
+if ($ChangedFiles -gt 0)
+{
+ Write-Error "Found $ChangedFiles changed files. Please commit or stash them before using this script."
+ exit 0
+}
+
+$tempPath = Join-Path $([system.io.path]::GetTempPath()) "xoap-template"
+
+if(Test-path "$tempPath"){
+ Write-Host "Removing old temporary files for xoap module template"
+ Remove-Item "$tempPath" -Recurse -Force -Verbose
+}
+
+git clone https://github.com/xoap-io/terraform-module-template.git $tempPath
+
+$templateItems = Get-ChildItem $tempPath -File | Where-Object {$_.Name -notin $protectedFiles}
+
+foreach($item in $templateItems){
+ $targetPath = $item.FullName.Replace($tempPath, "${PSScriptRoot}/..")
+ Copy-Item $item.FullName -Destination $targetPath -Force -Verbose
+}
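Review bot: SetupPreCommit in init.ps1 removes the repository's `.git/hooks` with `Remove-item -Recurse -Force` and rewrites global git config before the three `pre-commit init-templatedir` calls have run, yet the script sets no `$ErrorActionPreference` and never reads `$LASTEXITCODE`, so a failing `brew install` or `pre-commit` invocation leaves the developer with the hooks deleted and nothing copied back while the script still finishes normally. Add `$ErrorActionPreference = 'Stop'` at the top of the file and a guard after the init-templatedir calls, `if ($LASTEXITCODE -ne 0) { throw "pre-commit init-templatedir failed" }`, before the Copy-Item into `$localHooks`. The `git config --global core.hooksPath $dir/hooks` line also routes every repository of this user through `~/.git-template/hooks`, a machine-wide side effect the script neither announces nor, given `init.templateDir` plus the explicit copy into `.git/hooks`, appears to need; either drop it or document it with `# NOTE: core.hooksPath is global and overrides per-repository hooks for every repo of this user`.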
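Review bot: The dirty-working-tree guard in sync_template.ps1 writes an error and then `exit 0`, so a caller or CI step sees success although nothing was synced; it should be `exit 1`. The template is fetched with `git clone https://github.com/xoap-io/terraform-module-template.git $tempPath` from the default branch and its top-level files are then copied over this repository with `-Force`, so whatever that branch holds at run time silently replaces local files; pinning the clone to a tag or commit (`git clone --branch <tag-placeholder> ...`) and checking `$LASTEXITCODE` after the clone would make the sync reproducible and keep the copy loop from running against a missing or partial checkout. The missing comma between `"outputs.tf"` and `"variables.tf"` still yields three elements because each line inside `@( )` is its own statement, but it reads like a typo; add the comma for consistency with the first entry.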
diff --git a/docs/BEST-PRACTICES.md b/docs/BEST-PRACTICES.md index f2be2d6..9ca37b7 100644 --- a/docs/BEST-PRACTICES.md +++ b/docs/BEST-PRACTICES.md @@ -2,7 +2,7 @@ ## Module naming -terraform-
"/": "index.html"
}