admin: add copywrite headers and workflow (#132)

hashicorp-forge · May 9, 2024 · c2870f1 · c2870f1
1 parent 77b4105
commit c2870f1
Show file tree

Hide file tree

Showing 109 changed files with 348 additions and 0 deletions.
diff --git a/.copywrite.hcl b/.copywrite.hcl
@@ -0,0 +1,7 @@
+schema_version = 1
+
+project {
+  license        = "MPL-2.0"
+  copyright_year = 2024
+  header_ignore  = []
+}
diff --git a/.github/workflows/copywrite.yml b/.github/workflows/copywrite.yml
@@ -0,0 +1,20 @@
+name: Check Copywrite Headers
+
+on:
+  push: {}
+
+jobs:
+  copywrite:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      - uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e # v1.1.2
+        name: Setup Copywrite
+        with:
+          version: v0.16.4
+          archive-checksum: c299f830e6eef7e126a3c6ef99ac6f43a3c132d830c769e0d36fa347fa1af254
+      - name: Check Copywrite Headers
+        run: copywrite headers --plan
+
+permissions:
+  contents: read
diff --git a/infra/eu-west-2/core-nomad/aws_ebs_csi.tf b/infra/eu-west-2/core-nomad/aws_ebs_csi.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 locals {
   aws_ebs_csi_plugin_id = "aws-ebs"
 }

diff --git a/infra/eu-west-2/core-nomad/influxdb.tf b/infra/eu-west-2/core-nomad/influxdb.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 locals {
   influxdb_org_name = "nomad-eng"
 }

diff --git a/infra/eu-west-2/core-nomad/main.tf b/infra/eu-west-2/core-nomad/main.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 data "terraform_remote_state" "core" {
   backend = "local"
 

diff --git a/infra/eu-west-2/core-nomad/output.tf b/infra/eu-west-2/core-nomad/output.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 output "influxdb_org_name" {
   value = local.influxdb_org_name
 }

diff --git a/infra/eu-west-2/core-nomad/provider.tf b/infra/eu-west-2/core-nomad/provider.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 terraform {
   backend "local" {
     path = "terraform.tfstate"

diff --git a/infra/eu-west-2/core/ansible/inventory.yaml b/infra/eu-west-2/core/ansible/inventory.yaml
@@ -1,2 +1,5 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 plugin: "cloud.terraform.terraform_provider"
 project_path: "./.."
diff --git a/infra/eu-west-2/core/ansible/playbook.yaml b/infra/eu-west-2/core/ansible/playbook.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - ansible.builtin.import_playbook: "playbook_bastion.yaml"
 - ansible.builtin.import_playbook: "playbook_server.yaml"
 - ansible.builtin.import_playbook: "playbook_client.yaml"

diff --git a/infra/eu-west-2/core/ansible/playbook_bastion.yaml b/infra/eu-west-2/core/ansible/playbook_bastion.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - hosts: bastion
   roles:
     - role: common

diff --git a/infra/eu-west-2/core/ansible/playbook_client.yaml b/infra/eu-west-2/core/ansible/playbook_client.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - hosts: client
   roles:
     - role: common

diff --git a/infra/eu-west-2/core/ansible/playbook_lb.yaml b/infra/eu-west-2/core/ansible/playbook_lb.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - hosts: lb
   roles:
     - role: common

diff --git a/infra/eu-west-2/core/ansible/playbook_nuke_state.yaml b/infra/eu-west-2/core/ansible/playbook_nuke_state.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - hosts: server:client
   gather_facts: false
   tasks:

diff --git a/infra/eu-west-2/core/ansible/playbook_server.yaml b/infra/eu-west-2/core/ansible/playbook_server.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - hosts: server
   roles:
     - role: common

diff --git a/infra/eu-west-2/core/bastion.tf b/infra/eu-west-2/core/bastion.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module "bastion" {
   source = "../../../shared/terraform/modules/bastion"
 

diff --git a/infra/eu-west-2/core/lb.tf b/infra/eu-west-2/core/lb.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module "core_cluster_lb" {
   source = "../../../shared/terraform/modules/nomad-lb"
 

diff --git a/infra/eu-west-2/core/main.tf b/infra/eu-west-2/core/main.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 locals {
   allowed_cidrs = [for ip in var.allowed_ip_addresses : "${ip}/32"]
 

diff --git a/infra/eu-west-2/core/output.tf b/infra/eu-west-2/core/output.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 output "message" {
   value = <<-EOM
 Your ${var.project_name} cluster has been provisioned!

diff --git a/infra/eu-west-2/core/provider.tf b/infra/eu-west-2/core/provider.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 terraform {
   backend "local" {
     path = "terraform.tfstate"

diff --git a/infra/eu-west-2/core/terraform.tfvars b/infra/eu-west-2/core/terraform.tfvars
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 region       = "eu-west-2"
 project_name = "bench-core-jrasell-test"
 

diff --git a/infra/eu-west-2/core/variables.tf b/infra/eu-west-2/core/variables.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "region" {}
 variable "project_name" {}
 variable "allowed_ip_addresses" {}
diff --git a/infra/eu-west-2/test-cluster-template/ansible/inventory.yaml b/infra/eu-west-2/test-cluster-template/ansible/inventory.yaml
@@ -1,2 +1,5 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 plugin: "cloud.terraform.terraform_provider"
 project_path: "./.."
diff --git a/infra/eu-west-2/test-cluster-template/ansible/playbook.yaml b/infra/eu-west-2/test-cluster-template/ansible/playbook.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - hosts: bastion
   roles:
     - role: build

diff --git a/infra/eu-west-2/test-cluster-template/main.tf b/infra/eu-west-2/test-cluster-template/main.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 locals {
   test_clusters = {
     "${var.project_name}-cluster-1" = {

diff --git a/infra/eu-west-2/test-cluster-template/outputs.tf b/infra/eu-west-2/test-cluster-template/outputs.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 output "message" {
   value = <<EOF
 Your test clusters have been provisioned!

diff --git a/infra/eu-west-2/test-cluster-template/providers.tf b/infra/eu-west-2/test-cluster-template/providers.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 terraform {
   required_providers {
     ansible = {

diff --git a/infra/eu-west-2/test-cluster-template/variables.tf b/infra/eu-west-2/test-cluster-template/variables.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "project_name" {
   type = string
   default = "jrasell-test"

diff --git a/shared/ansible/requirements.yaml b/shared/ansible/requirements.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 roles:
   - src: "geerlingguy.docker"
     version: "7.1.0"

diff --git a/shared/ansible/roles/build/defaults/main.yaml b/shared/ansible/roles/build/defaults/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 build_apt_packages: [
   "build-essential",
   "git",

diff --git a/shared/ansible/roles/build/tasks/main.yaml b/shared/ansible/roles/build/tasks/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "assert_build_nomad_local_code_path"
   ansible.builtin.assert:
     that:

diff --git a/shared/ansible/roles/cni/defaults/main.yaml b/shared/ansible/roles/cni/defaults/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 cni_plugins_path: "/opt/cni/bin"
 cni_plugins_version: "1.3.0"
 

diff --git a/shared/ansible/roles/cni/tasks/install.yaml b/shared/ansible/roles/cni/tasks/install.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "create_cni_plugin_dir"
   become: true
   ansible.builtin.file:

diff --git a/shared/ansible/roles/cni/tasks/main.yaml b/shared/ansible/roles/cni/tasks/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "check_cni_plugins"
   ansible.builtin.stat:
     path: "{{ cni_plugins_path }}"

diff --git a/shared/ansible/roles/common/tasks/main.yaml b/shared/ansible/roles/common/tasks/main.yaml
@@ -1 +1,4 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - amazon.aws.ec2_metadata_facts:
diff --git a/shared/ansible/roles/influxdb_telegraf/defaults/main.yaml b/shared/ansible/roles/influxdb_telegraf/defaults/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 influxdb_telegraf_install_dir: "/usr/local/bin"
 influxdb_telegraf_version: "1.29.2"
 influxdb_telegraf_config_dir: "/etc/telegraf.d/"

diff --git a/shared/ansible/roles/influxdb_telegraf/handlers/main.yaml b/shared/ansible/roles/influxdb_telegraf/handlers/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "restart_influxdb_telegraf"
   become: true
   ansible.builtin.service:

diff --git a/shared/ansible/roles/influxdb_telegraf/tasks/main.yaml b/shared/ansible/roles/influxdb_telegraf/tasks/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "create_config_dir"
   become: true
   ansible.builtin.file:

diff --git a/shared/ansible/roles/nomad/defaults/main.yaml b/shared/ansible/roles/nomad/defaults/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 nomad_pkg_version: "" # defaults to latest
 
 nomad_user: root

diff --git a/shared/ansible/roles/nomad/files/anonymous.policy.hcl b/shared/ansible/roles/nomad/files/anonymous.policy.hcl
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 namespace "default" {
   policy       = "read"
   capabilities = ["list-jobs", "read-job"]

diff --git a/shared/ansible/roles/nomad/handlers/main.yaml b/shared/ansible/roles/nomad/handlers/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "restart_nomad"
   become: true
   ansible.builtin.service:

diff --git a/shared/ansible/roles/nomad/tasks/acl_bootstrap.yaml b/shared/ansible/roles/nomad/tasks/acl_bootstrap.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "bootstrap_acl"
   run_once: true
   ansible.builtin.command: "nomad acl bootstrap -json"

diff --git a/shared/ansible/roles/nomad/tasks/host_volume.yaml b/shared/ansible/roles/nomad/tasks/host_volume.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "create_host_volume"
   become: true
   ansible.builtin.file:

diff --git a/shared/ansible/roles/nomad/tasks/main.yaml b/shared/ansible/roles/nomad/tasks/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "download_hashicorp_gpg_key"
   become: true
   ansible.builtin.get_url:

diff --git a/shared/ansible/roles/nomad/tasks/tls.yaml b/shared/ansible/roles/nomad/tasks/tls.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "create_tls_directory"
   become: true
   ansible.builtin.file:

diff --git a/shared/ansible/roles/nomad_lb/defaults/main.yaml b/shared/ansible/roles/nomad_lb/defaults/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 nomad_lb_nginx_apt_version: "1.18.0-6ubuntu14.4"
 nomad_lb_ca_cert: ""
 nomad_lb_tls_cert: ""

diff --git a/shared/ansible/roles/nomad_lb/handlers/main.yaml b/shared/ansible/roles/nomad_lb/handlers/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "restart_nginx"
   become: true
   ansible.builtin.service:

diff --git a/shared/ansible/roles/nomad_lb/tasks/main.yaml b/shared/ansible/roles/nomad_lb/tasks/main.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 - name: "install_nginx"
   become: true
   ansible.builtin.apt:

diff --git a/shared/nomad/jobs/influxdb.nomad.hcl b/shared/nomad/jobs/influxdb.nomad.hcl
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "influxdb_bucket_name" {
   type        = string
   default     = "default"

diff --git a/shared/nomad/jobs/plugin-aws-ebs-controller.nomad.hcl b/shared/nomad/jobs/plugin-aws-ebs-controller.nomad.hcl
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "plugin_id" {
   type    = string
   default = "aws-ebs"

diff --git a/shared/nomad/jobs/plugin-aws-ebs-nodes.nomad.hcl b/shared/nomad/jobs/plugin-aws-ebs-nodes.nomad.hcl
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "plugin_id" {
   type    = string
   default = "aws-ebs"

diff --git a/shared/nomad/jobs/tfc-agent.nomad.hcl b/shared/nomad/jobs/tfc-agent.nomad.hcl
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 job "tfc-agents" {
   group "nomad-bench" {
     task "tfc-agent" {

diff --git a/shared/terraform/modules/bastion/instance.tf b/shared/terraform/modules/bastion/instance.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 resource "aws_instance" "bastion" {
   ami                         = var.ami_id
   instance_type               = var.instance_type

diff --git a/shared/terraform/modules/bastion/output.tf b/shared/terraform/modules/bastion/output.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 output "public_ip" {
   value = aws_instance.bastion.public_ip
 }
diff --git a/shared/terraform/modules/bastion/variables.tf b/shared/terraform/modules/bastion/variables.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "project_name" {
   description = "The name that will be associated with all AWS resources."
   type        = string

diff --git a/shared/terraform/modules/nomad-cluster/ansible.tf b/shared/terraform/modules/nomad-cluster/ansible.tf
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 locals {
   nomad_aws_server_join = "provider=aws tag_key=Nomad_role tag_value=${aws_instance.servers[0].tags.Nomad_role}"
 }